diff --git a/third_party/yara/YARAForge/RELEASE b/third_party/yara/YARAForge/RELEASE index 66773a4b..bf7f43ca 100644 --- a/third_party/yara/YARAForge/RELEASE +++ b/third_party/yara/YARAForge/RELEASE @@ -1 +1 @@ -20240505 +20240512 diff --git a/third_party/yara/YARAForge/yara-rules-full.yar b/third_party/yara/YARAForge/yara-rules-full.yar index d15e3e5f..2dca59b0 100644 --- a/third_party/yara/YARAForge/yara-rules-full.yar +++ b/third_party/yara/YARAForge/yara-rules-full.yar @@ -12,17 +12,17 @@ * Force Exclude Importance Level: 0 * Minimum Age (in days): 0 * Minimum Score: 40 - * Creation Date: 2024-05-05 - * Number of Rules: 11563 + * Creation Date: 2024-05-12 + * Number of Rules: 11586 * Skipped: 0 (age), 230 (quality), 4 (score), 0 (importance) */ /* * YARA Rule Set * Repository Name: ReversingLabs * Repository: https://github.com/reversinglabs/reversinglabs-yara-rules/ - * Retrieval Date: 2024-05-05 - * Git Commit: d5a78f30a1669a3dc576d45a77eeba9476795155 - * Number of Rules: 1204 + * Retrieval Date: 2024-05-12 + * Git Commit: a5d532bf2cd88e933a6745dd45880ba2c8604d71 + * Number of Rules: 1206 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) * * 
@@ -57,8 +57,8 @@ rule REVERSINGLABS_Win32_Ransomware_Kovter : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Kovter.yara#L1-L141" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Kovter.yara#L1-L141" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3082e036b54a73ce8397cfa6e8dc2a807c587d9f17286e75af6cdbe622fae1e1" score = 75 quality = 90 @@ -199,8 +199,8 @@ rule REVERSINGLABS_Win32_Ransomware_Kangaroo : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Kangaroo.yara#L1-L91" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Kangaroo.yara#L1-L91" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1078fb3d47ad737548419e5ee66e686f705c02fea27a58c0097446547325772c" score = 75 quality = 90 
@@ -283,8 +283,8 @@ rule REVERSINGLABS_Win32_Ransomware_Dearcry : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-03-12" modified = "2021-03-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.DearCry.yara#L1-L96" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.DearCry.yara#L1-L96" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "40dde232255018e1bc0aadf2378a7a86a99327d13dda58d8ffc5bb38e164de26" score = 75 quality = 90 @@ -375,8 +375,8 @@ rule REVERSINGLABS_Win32_Ransomware_Lockbit : TC_DETECTION MALICIOUS MALWARE FIL date = "2022-03-31" modified = "2022-03-31" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.LockBit.yara#L1-L282" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.LockBit.yara#L1-L282" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "030222bd659c7e0e03858fa062067b1483aca3b7973cce19a1e7cdbb48d4405c" score = 75 quality = 90 
@@ -620,8 +620,8 @@ rule REVERSINGLABS_Win32_Ransomware_Wannacry : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.WannaCry.yara#L3-L135" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.WannaCry.yara#L3-L135" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "fed58b533a9f7c3eb1b3e4f8fbe1f519aab94d1c066ae6937c21876693be0eac" score = 75 quality = 90 @@ -746,8 +746,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cincoo : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-06-21" modified = "2022-06-21" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Cincoo.yara#L1-L78" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Cincoo.yara#L1-L78" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6a7562cae90754ea75a9fb98ce73ebdb9acf1ad7f28f2240abe6cb592d717ca3" score = 75 quality = 90 
@@ -818,8 +818,8 @@ rule REVERSINGLABS_Win32_Ransomware_Pay2Key : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-04-14" modified = "2021-04-14" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Pay2Key.yara#L1-L99" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Pay2Key.yara#L1-L99" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2497504f3afc99523cb29e51652a24f4374316d57d4baf5cde8d22e75a425585" score = 75 quality = 90 @@ -909,8 +909,8 @@ rule REVERSINGLABS_Win32_Ransomware_Dogecrypt : TC_DETECTION MALICIOUS MALWARE F date = "2021-04-28" modified = "2021-04-28" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.DogeCrypt.yara#L1-L114" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.DogeCrypt.yara#L1-L114" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1c19862884cf1e59d12c84f5ff6f799a4087ddc8bd887e0d2ce7da053642b851" score = 75 quality = 90 
@@ -1016,8 +1016,8 @@ rule REVERSINGLABS_Linux_Ransomware_Kraken : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Kraken.yara#L1-L151" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Kraken.yara#L1-L151" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4a3867aba4dbdce5d008331a3058f57b00db246975fc4d77b79ab49d5f0bbb15" score = 75 quality = 90 @@ -1155,8 +1155,8 @@ rule REVERSINGLABS_Win32_Ransomware_Juicylemon : TC_DETECTION MALICIOUS MALWARE date = "2020-08-17" modified = "2020-08-17" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.JuicyLemon.yara#L1-L116" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.JuicyLemon.yara#L1-L116" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "596d89843793307f4940dbb85b2e7081f02250f6adfdcd01f2d3c5f2b8b90875" score = 75 quality = 90 
@@ -1274,8 +1274,8 @@ rule REVERSINGLABS_Win32_Ransomware_Knot : TC_DETECTION MALICIOUS MALWARE FILE date = "2021-03-19" modified = "2021-03-19" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Knot.yara#L1-L118" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Knot.yara#L1-L118" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a7a3e13139d68314e583ec225a5d56373a551e67d46984dcf9a228a1f7275f14" score = 75 quality = 90 @@ -1384,8 +1384,8 @@ rule REVERSINGLABS_Win32_Ransomware_Hentaioniichan : TC_DETECTION MALICIOUS MALW date = "2021-03-05" modified = "2021-03-05" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.HentaiOniichan.yara#L1-L140" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.HentaiOniichan.yara#L1-L140" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "153526e5a2f05bc8e3f77d83eefce6b4cd962ea093b6f1c0ab8fcabe8d8a7ad9" score = 75 quality = 90 
@@ -1512,8 +1512,8 @@ rule REVERSINGLABS_Win32_Ransomware_Clop : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Clop.yara#L1-L109" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Clop.yara#L1-L109" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0b63db16a4b1cae27a97d0ff9df692a63f1a11120ffac69c05a5c71fbd224007" score = 75 quality = 90 @@ -1613,8 +1613,8 @@ rule REVERSINGLABS_Win32_Ransomware_Redeemer : TC_DETECTION MALICIOUS MALWARE FI date = "2022-01-17" modified = "2022-01-17" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Redeemer.yara#L1-L105" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Redeemer.yara#L1-L105" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "28287f6620a2f7a90057d1f97947e065721119e26398fe659331dc5fe99761de" score = 75 quality = 90 
@@ -1710,8 +1710,8 @@ rule REVERSINGLABS_Win32_Ransomware_Howareyou : TC_DETECTION MALICIOUS MALWARE F date = "2021-06-14" modified = "2021-06-14" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.HowAreYou.yara#L1-L205" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.HowAreYou.yara#L1-L205" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "90568365aac61d120886f9efa9822ccc23df79a1a55e522c81db6e77477c4f04" score = 75 quality = 90 @@ -1902,8 +1902,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Wildfire : TC_DETECTION MALICIOUS MA date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.WildFire.yara#L1-L77" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.WildFire.yara#L1-L77" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d3be2eac7967853aae6e1317d9c22d95a3dc4b3e5bf8acbe97a7bbeabc9eab38" score = 75 quality = 90 
@@ -1981,8 +1981,8 @@ rule REVERSINGLABS_Win32_Ransomware_Lechiffre : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.LeChiffre.yara#L1-L123" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.LeChiffre.yara#L1-L123" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0b96f5f48700f2cba22da91187b3111946074e9cc58a502f25d7b96059a043cb" score = 75 quality = 90 @@ -2104,8 +2104,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Mcburglar : TC_DETECTION MALICIOUS M date = "2021-09-27" modified = "2021-09-27" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.McBurglar.yara#L1-L75" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.McBurglar.yara#L1-L75" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "57fefcdc1528fc1c8da36a431cd09774e33ea08a394ac4f8d19a27504e72676d" score = 75 quality = 90 
@@ -2168,8 +2168,8 @@ rule REVERSINGLABS_Win32_Ransomware_Velso : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Velso.yara#L1-L230" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Velso.yara#L1-L230" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "602be848a26106a1bd46cfc515578f0628687e6cb352e609a274220a61bcb620" score = 75 quality = 90 @@ -2381,8 +2381,8 @@ rule REVERSINGLABS_Win64_Ransomware_Seth : TC_DETECTION MALICIOUS MALWARE FILE date = "2021-04-02" modified = "2021-04-02" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win64.Ransomware.Seth.yara#L1-L122" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win64.Ransomware.Seth.yara#L1-L122" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "72a9d902eea2381f40d42faa7f1686c4ca54d364af0cbd8711697bbc1a235646" score = 75 quality = 90 
@@ -2495,8 +2495,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Policerecords : TC_DETECTION MALICIO date = "2022-08-02" modified = "2022-08-02" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.PoliceRecords.yara#L1-L79" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.PoliceRecords.yara#L1-L79" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "55cb1a5d030c47abb1a9ca9970fb19b3124128e409bc9515c173c33b2bb49a16" score = 75 quality = 90 @@ -2564,8 +2564,8 @@ rule REVERSINGLABS_Win32_Ransomware_Badbeeteam : TC_DETECTION MALICIOUS MALWARE date = "2020-11-13" modified = "2020-11-13" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Badbeeteam.yara#L1-L137" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Badbeeteam.yara#L1-L137" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "9b5367655c7c70958332d31524833d96d03027aab693393b19f478a80482abd0" score = 75 quality = 90 
@@ -2692,8 +2692,8 @@ rule REVERSINGLABS_Win32_Ransomware_Armage : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Armage.yara#L1-L128" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Armage.yara#L1-L128" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "aa8ddcbb0fdcad15e603e000db1d4f86eae7d42efce1c1d21dc3dd57ee9f4319" score = 75 quality = 90 @@ -2811,8 +2811,8 @@ rule REVERSINGLABS_Win32_Ransomware_Gpcode : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Gpcode.yara#L1-L67" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Gpcode.yara#L1-L67" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "329309873977f73a8ebe758018ebc8ba42e15c3c7cbb9a65865631d235f5bb48" score = 75 quality = 90 
@@ -2876,8 +2876,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sage : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Sage.yara#L1-L77" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Sage.yara#L1-L77" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "69079b7176050096cdbaaaff30dd0359366b3a6a74e8bc17db348794388f71ba" score = 75 quality = 90 @@ -2947,8 +2947,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Moisha : TC_DETECTION MALICIOUS MALW date = "2022-10-11" modified = "2022-10-11" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.Moisha.yara#L1-L86" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.Moisha.yara#L1-L86" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "89cefbbb8ec722216721bb43eb14cc33fcd4671585051359a06b62236cbf3a6c" score = 75 quality = 90 
@@ -3025,8 +3025,8 @@ rule REVERSINGLABS_Win32_Ransomware_Wsir : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-08-02" modified = "2022-08-02" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.WsIR.yara#L1-L73" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.WsIR.yara#L1-L73" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c22c01f93945c7721ebfe5e7a09c3bf2b9d0ad95740bc0a76b4e61741f61d82c" score = 75 quality = 90 @@ -3092,8 +3092,8 @@ rule REVERSINGLABS_Win32_Ransomware_Dualshot : TC_DETECTION MALICIOUS MALWARE FI date = "2020-11-20" modified = "2020-11-20" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Dualshot.yara#L1-L112" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Dualshot.yara#L1-L112" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a401369357901f42ad83227b025d3b14b3acd1f50705da82afbe8e4f85501919" score = 75 quality = 90 
@@ -3196,8 +3196,8 @@ rule REVERSINGLABS_Win32_Ransomware_Torrentlocker : TC_DETECTION MALICIOUS MALWA date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.TorrentLocker.yara#L1-L98" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.TorrentLocker.yara#L1-L98" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f1aa523fa95e142b7e421286d26918e3da4bd3e268fef3f98f00820296291bfc" score = 75 quality = 90 @@ -3292,8 +3292,8 @@ rule REVERSINGLABS_Win32_Ransomware_Lorenz : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-10-24" modified = "2022-10-24" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Lorenz.yara#L1-L252" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Lorenz.yara#L1-L252" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b8668fcc560d264c37e3fbb52d5a5f1223a282abd9e984b3109efe9ab454be9f" score = 75 quality = 90 
@@ -3504,8 +3504,8 @@ rule REVERSINGLABS_Win64_Ransomware_Cactus : TC_DETECTION MALICIOUS MALWARE FILE date = "2023-12-15" modified = "2023-12-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win64.Ransomware.Cactus.yara#L1-L190" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win64.Ransomware.Cactus.yara#L1-L190" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2953b67e926cb653df0de208b098da3d5c16e6690842ab28fbf8c37cd16f54d7" score = 75 quality = 90 @@ -3679,8 +3679,8 @@ rule REVERSINGLABS_Win64_Ransomware_Antiwar : TC_DETECTION MALICIOUS MALWARE FIL date = "2022-04-21" modified = "2022-04-21" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win64.Ransomware.AntiWar.yara#L1-L146" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win64.Ransomware.AntiWar.yara#L1-L146" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2d885f35454aaf7cb33f03c30b6681aa16cbe8353003bbae0b1e9fdecb2ff8a7" score = 75 quality = 90 
@@ -3813,8 +3813,8 @@ rule REVERSINGLABS_Win32_Ransomware_Atlas : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Atlas.yara#L1-L99" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Atlas.yara#L1-L99" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1486f931ec096a00d913de0568ddd8aa5a091256445bc28aba90e3e194ebd045" score = 75 quality = 90 @@ -3913,8 +3913,8 @@ rule REVERSINGLABS_Win32_Ransomware_Termite : TC_DETECTION MALICIOUS MALWARE FIL date = "2020-08-31" modified = "2020-08-31" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Termite.yara#L1-L151" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Termite.yara#L1-L151" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "df273de81fc58cb0bacf021ee539ec6dbfa1f1a3e13bd46519ee313595cafb4c" score = 75 quality = 90 
@@ -4057,8 +4057,8 @@ rule REVERSINGLABS_Win32_Ransomware_Zoldon : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Zoldon.yara#L1-L107" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Zoldon.yara#L1-L107" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4821b8506e7ba00987978f2744da1c532e03d73f3275cb15e39cdf87f6018223" score = 75 quality = 90 @@ -4156,8 +4156,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Zerolocker : TC_DETECTION MALICIOUS date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.ZeroLocker.yara#L1-L70" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.ZeroLocker.yara#L1-L70" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "147e4b390bcfaff8f05059c1d9a98b50f544fc32e820406417894fe5046e0f71" score = 75 quality = 90 
@@ -4229,8 +4229,8 @@ rule REVERSINGLABS_Win32_Ransomware_Saturn : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-10-19"
 modified = "2020-10-19"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Saturn.yara#L1-L105"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Saturn.yara#L1-L105"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "efa748346ad8c46e654542d302e81d633a2d12f421636c477431a12a34636132"
 score = 75
 quality = 90
@@ -4329,8 +4329,8 @@ rule REVERSINGLABS_Win32_Ransomware_Good : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Good.yara#L1-L82"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Good.yara#L1-L82"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "6737853a77a6008f9fd2141bb6b13d595f1cb7e832be944596f709e1fcdf8003"
 score = 75
 quality = 90
@@ -4405,8 +4405,8 @@ rule REVERSINGLABS_Win32_Ransomware_Darkside : TC_DETECTION MALICIOUS MALWARE FI
 date = "2021-05-17"
 modified = "2021-05-17"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.DarkSide.yara#L1-L94"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.DarkSide.yara#L1-L94"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "128af9a1b143e4b0928dd2b243e69497be906175f44815cc5703f17cce48ec9d"
 score = 75
 quality = 90
@@ -4489,8 +4489,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Cring : TC_DETECTION MALICIOUS MALWA
 date = "2021-08-12"
 modified = "2021-08-12"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.Cring.yara#L1-L66"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.Cring.yara#L1-L66"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "05cf60ad39c9dcc592345f13b63c99b153b9253297a8ad9e52e0439081d8c796"
 score = 75
 quality = 90
@@ -4552,8 +4552,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ransomexx : TC_DETECTION MALICIOUS MALWARE F
 date = "2020-11-26"
 modified = "2020-11-26"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Ransomexx.yara#L1-L147"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Ransomexx.yara#L1-L147"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "27b4132b7f16cafc40687e96a552ce59cc24ebf7679575680f170e3beee8a0a9"
 score = 75
 quality = 90
@@ -4689,8 +4689,8 @@ rule REVERSINGLABS_Win32_Ransomware_Hydracrypt : TC_DETECTION MALICIOUS MALWARE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.HydraCrypt.yara#L1-L174"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.HydraCrypt.yara#L1-L174"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "910a6f23f06cecb8d3115ebfed42a66412dbd0d3a519e39f21df81b0c2028f48"
 score = 75
 quality = 90
@@ -4845,8 +4845,8 @@ rule REVERSINGLABS_Win32_Ransomware_IFN643 : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.IFN643.yara#L1-L90"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.IFN643.yara#L1-L90"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "ced234018f1f05601dd3be55eaecd2a1e116ad0b7bb9e0292434f11f19916ebe"
 score = 75
 quality = 90
@@ -4937,8 +4937,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Invert : TC_DETECTION MALICIOUS MALW
 date = "2021-11-11"
 modified = "2021-11-11"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.Invert.yara#L1-L66"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.Invert.yara#L1-L66"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "1608b8bbfc03b18a79752e60f211da7d7703862bc06b2ddf094074ae5efd0d14"
 score = 75
 quality = 90
@@ -4997,8 +4997,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cuba : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Cuba.yara#L1-L126"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Cuba.yara#L1-L126"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "0a8dea6e38a6407897b994ea119bc8b0712a94363b7b3942dcd32c65ee5548d4"
 score = 75
 quality = 90
@@ -5115,8 +5115,8 @@ rule REVERSINGLABS_Win32_Ransomware_Badblock : TC_DETECTION MALICIOUS MALWARE FI
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.BadBlock.yara#L1-L100"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.BadBlock.yara#L1-L100"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "421e6a3772eeec6ef0cbb2427b7e044b450a2b2146cee2ca7d8c3a3a92918557"
 score = 75
 quality = 90
@@ -5213,8 +5213,8 @@ rule REVERSINGLABS_Win32_Ransomware_Horsedeal : TC_DETECTION MALICIOUS MALWARE F
 date = "2020-10-01"
 modified = "2020-10-01"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Horsedeal.yara#L1-L106"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Horsedeal.yara#L1-L106"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "fa8c425b08606399b5dc7673f3898e3dba7efb6a62e56db8f500cf5072bb590b"
 score = 75
 quality = 90
@@ -5308,8 +5308,8 @@ rule REVERSINGLABS_Win64_Ransomware_Nokoyawa : TC_DETECTION MALICIOUS MALWARE FI
 date = "2022-06-06"
 modified = "2022-06-06"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win64.Ransomware.Nokoyawa.yara#L1-L104"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win64.Ransomware.Nokoyawa.yara#L1-L104"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "85b7d93db06007d0043b1489b532410ccc700cf082b641fff8a09de2ffe9101d"
 score = 75
 quality = 90
@@ -5405,8 +5405,8 @@ rule REVERSINGLABS_Win32_Ransomware_Guscrypter : TC_DETECTION MALICIOUS MALWARE
 date = "2020-11-26"
 modified = "2020-11-26"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.GusCrypter.yara#L1-L129"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.GusCrypter.yara#L1-L129"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "cfe6005028c0e5f5d713af2a549574203678bab2ee48acc1727702bcf91522b1"
 score = 75
 quality = 90
@@ -5525,8 +5525,8 @@ rule REVERSINGLABS_Win32_Ransomware_Crypmic : TC_DETECTION MALICIOUS MALWARE FIL
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Crypmic.yara#L1-L56"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Crypmic.yara#L1-L56"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "ee97c4d35cee68e080a4e9e0a21ecd3698da638463881a58f5daaf906ef86f75"
 score = 75
 quality = 90
@@ -5582,8 +5582,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sarbloh : TC_DETECTION MALICIOUS MALWARE FIL
 date = "2021-05-21"
 modified = "2021-05-21"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Sarbloh.yara#L1-L88"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Sarbloh.yara#L1-L88"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "7259aa9d1fe657db220ee50f1610e6439ff61673d92f46ebc3b8cadd990f002c"
 score = 75
 quality = 90
@@ -5666,8 +5666,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Namaste : TC_DETECTION MALICIOUS MAL
 date = "2021-08-12"
 modified = "2021-08-12"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.Namaste.yara#L1-L81"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.Namaste.yara#L1-L81"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "5a952276f41b5524bcb82a9ceb076983d2faf2864b3bbd0a06d49bbd5edc1e0e"
 score = 75
 quality = 90
@@ -5742,8 +5742,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cryakl : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Cryakl.yara#L1-L64"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Cryakl.yara#L1-L64"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "51d50ab1ce021e2facbca3a35af372186287a8d69b66651c9804234a409d9932"
 score = 75
 quality = 90
@@ -5807,8 +5807,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Retis : TC_DETECTION MALICIOUS MALWA
 date = "2021-08-12"
 modified = "2021-08-12"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.Retis.yara#L1-L74"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.Retis.yara#L1-L74"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "3e3429041acc5730b009916efbcd35c7cfd2b2877dc1d2cf980f7fb7d399d532"
 score = 75
 quality = 90
@@ -5878,8 +5878,8 @@ rule REVERSINGLABS_Win32_Ransomware_Delphimorix : TC_DETECTION MALICIOUS MALWARE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Delphimorix.yara#L1-L67"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Delphimorix.yara#L1-L67"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "6d401d488d57b2d75e93a1dfd47ece687a5791d1f0a52768300f4af8a8787212"
 score = 75
 quality = 90
@@ -5942,8 +5942,8 @@ rule REVERSINGLABS_Win64_Ransomware_Awesomescott : TC_DETECTION MALICIOUS MALWAR
 date = "2020-09-16"
 modified = "2020-09-16"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win64.Ransomware.AwesomeScott.yara#L1-L101"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win64.Ransomware.AwesomeScott.yara#L1-L101"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "ed8096a4abbd015f79f4ec7239cd4070194ad70fa03da6714e499a41f9fb9423"
 score = 75
 quality = 90
@@ -6045,8 +6045,8 @@ rule REVERSINGLABS_Win32_Ransomware_Hermes : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Hermes.yara#L1-L284"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Hermes.yara#L1-L284"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "6db95c422ee2f9dd8a1795031ee8d7d5ed84e16cde47512becc006b6a849e890"
 score = 75
 quality = 90
@@ -6297,8 +6297,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sigrun : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Sigrun.yara#L1-L111"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Sigrun.yara#L1-L111"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "ea29ec64cdfc0c714fe0acdce5878cb1302dd5aa916811121c644948ce275935"
 score = 75
 quality = 90
@@ -6399,8 +6399,8 @@ rule REVERSINGLABS_Win32_Ransomware_Jsworm : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.JSWorm.yara#L1-L93"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.JSWorm.yara#L1-L93"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "8ba5e2f29f5f06e6e6714bbba1129862da8c3a83bf7f296818eddee2593cae38"
 score = 75
 quality = 90
@@ -6493,8 +6493,8 @@ rule REVERSINGLABS_Win32_Ransomware_Bam2021 : TC_DETECTION MALICIOUS MALWARE FIL
 date = "2021-09-17"
 modified = "2021-09-17"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Bam2021.yara#L1-L167"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Bam2021.yara#L1-L167"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "5b717510991b78f07806e88f3dfe1c27d6ec1ec21af61a7c4f1edf7c915785d5"
 score = 75
 quality = 90
@@ -6643,8 +6643,8 @@ rule REVERSINGLABS_Win32_Ransomware_Vhdlocker : TC_DETECTION MALICIOUS MALWARE F
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.VHDLocker.yara#L1-L152"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.VHDLocker.yara#L1-L152"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "39d1fbfc79d5ea866498bb1e40d2290469df774ce65b1da04a85c0e4e5b4493c"
 score = 75
 quality = 90
@@ -6785,8 +6785,8 @@ rule REVERSINGLABS_Win32_Ransomware_Magniber : TC_DETECTION MALICIOUS MALWARE FI
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Magniber.yara#L1-L114"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Magniber.yara#L1-L114"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "05b516f9b466489ea3a30e2fe5eb08290e85ece7a63e29e8bbbeb81c87d0a6f1"
 score = 75
 quality = 90
@@ -6895,8 +6895,8 @@ rule REVERSINGLABS_Win32_Ransomware_Henry : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2021-06-14"
 modified = "2021-06-14"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Henry.yara#L1-L80"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Henry.yara#L1-L80"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "e6ab2a8a344d40407118e29ff78f5a0144f42a0fbdee19a80b341b59f056d292"
 score = 75
 quality = 90
@@ -6965,8 +6965,8 @@ rule REVERSINGLABS_Win32_Ransomware_Mafia : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Mafia.yara#L1-L142"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Mafia.yara#L1-L142"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "5c17b799f0b4f1f8f72a2e4203a6606f7783ceec2034694f8a21ff65e5afdb26"
 score = 75
 quality = 90
@@ -7097,8 +7097,8 @@ rule REVERSINGLABS_Win64_Ransomware_Hotcoffee : TC_DETECTION MALICIOUS MALWARE F
 date = "2021-11-25"
 modified = "2021-11-25"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win64.Ransomware.HotCoffee.yara#L1-L111"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win64.Ransomware.HotCoffee.yara#L1-L111"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "15ae428c37fcc5a09d324fd9be5a8df3a812e6459cb1ce8eec56eabf785b4c05"
 score = 75
 quality = 90
@@ -7197,8 +7197,8 @@ rule REVERSINGLABS_Win64_Ransomware_Wintenzz : TC_DETECTION MALICIOUS MALWARE FI
 date = "2021-11-02"
 modified = "2021-11-02"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win64.Ransomware.Wintenzz.yara#L1-L83"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win64.Ransomware.Wintenzz.yara#L1-L83"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "ff4bdf2f6ee185b98d0014b3066806fe7e25ea94f46837948bc5262440bf8a56"
 score = 75
 quality = 90
@@ -7273,8 +7273,8 @@ rule REVERSINGLABS_Win32_Ransomware_Blackmoon : TC_DETECTION MALICIOUS MALWARE F
 date = "2020-11-11"
 modified = "2020-11-11"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.BlackMoon.yara#L1-L70"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.BlackMoon.yara#L1-L70"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "428409096a8637978bf2a1efb3238e4ba87715a909693b0cd26c0f689d567a09"
 score = 75
 quality = 90
@@ -7340,8 +7340,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Povlsomware : TC_DETECTION MALICIOUS
 date = "2021-08-12"
 modified = "2021-08-12"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.Povlsomware.yara#L1-L64"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.Povlsomware.yara#L1-L64"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "465dc1b1d7e9eb3091f36efb51029cd3383d05ece054e814b18f379e58c7e457"
 score = 75
 quality = 90
@@ -7398,8 +7398,8 @@ rule REVERSINGLABS_Win32_Ransomware_Satan : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Satan.yara#L1-L152"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Satan.yara#L1-L152"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "0074090c2a6cc483deffdc83dc1c0bfbd150e201c27e54f998dd2c0a7660f917"
 score = 75
 quality = 90
@@ -7542,8 +7542,8 @@ rule REVERSINGLABS_Win64_Ransomware_Whiteblackcrypt : TC_DETECTION MALICIOUS MAL
 date = "2021-07-05"
 modified = "2021-07-05"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win64.Ransomware.WhiteBlackCrypt.yara#L1-L91"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win64.Ransomware.WhiteBlackCrypt.yara#L1-L91"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "37b95cc3412f2f2d02d19c4c15b529c4f67453cb195627b5bab2f353e7602354"
 score = 75
 quality = 90
@@ -7626,8 +7626,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Chupacabra : TC_DETECTION MALICIOUS
 date = "2021-10-12"
 modified = "2021-10-12"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.ChupaCabra.yara#L1-L90"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.ChupaCabra.yara#L1-L90"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "7f247778e0bd8057670abf42b2d1011ebae891ffcb21ebad50060f9a7986bf93"
 score = 75
 quality = 90
@@ -7708,8 +7708,8 @@ rule REVERSINGLABS_Win32_Ransomware_MRAC : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2022-02-21"
 modified = "2022-02-21"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.MRAC.yara#L1-L69"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.MRAC.yara#L1-L69"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "04e8364dc9c726f4bb2d3035e5b7e8dab4cae124b2f047be6f11b865fab557a7"
 score = 75
 quality = 90
@@ -7771,8 +7771,8 @@ rule REVERSINGLABS_Win32_Ransomware_Hddcryptor : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.HDDCryptor.yara#L1-L157" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.HDDCryptor.yara#L1-L157" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "47915f315bb4956507362f56024f5632cb1bcec569ceaf77fe9d7cb9c25d1d8a" score = 75 quality = 90 @@ -7899,8 +7899,8 @@ rule REVERSINGLABS_Win64_Ransomware_Ako : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win64.Ransomware.Ako.yara#L1-L173" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win64.Ransomware.Ako.yara#L1-L173" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8321a4ace66ae48e3a6896daf02c184fa7767fa6bd10cd83b322ad01698008cf" score = 75 quality = 90 
@@ -8062,8 +8062,8 @@ rule REVERSINGLABS_Win64_Ransomware_Hermeticransom : TC_DETECTION MALICIOUS MALW date = "2022-05-13" modified = "2022-05-13" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win64.Ransomware.HermeticRansom.yara#L1-L105" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win64.Ransomware.HermeticRansom.yara#L1-L105" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "123d569a9d9b9d855b3baafd6194f102d82a594fd7a2bba073843a8654a317cb" score = 75 quality = 90 @@ -8160,8 +8160,8 @@ rule REVERSINGLABS_Win32_Ransomware_Skystars : TC_DETECTION MALICIOUS MALWARE FI date = "2020-11-20" modified = "2020-11-20" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Skystars.yara#L1-L97" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Skystars.yara#L1-L97" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "352d22183b0974908ce684725fe85b4714ac5959c3bddf093b54383195881a5a" score = 75 quality = 90 
@@ -8250,8 +8250,8 @@ rule REVERSINGLABS_Win32_Ransomware_Regretlocker : TC_DETECTION MALICIOUS MALWAR date = "2021-04-02" modified = "2021-04-02" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.RegretLocker.yara#L1-L206" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.RegretLocker.yara#L1-L206" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3927dfecacd74f60a169f82b68df5747daa90eaba77f24c5e730ce4c48d426a3" score = 75 quality = 90 @@ -8444,8 +8444,8 @@ rule REVERSINGLABS_Win32_Ransomware_Outsider : TC_DETECTION MALICIOUS MALWARE FI date = "2020-10-23" modified = "2020-10-23" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Outsider.yara#L1-L88" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Outsider.yara#L1-L88" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "80c5a93b5b72b7b66e36f1726486b0c7620588d05bd925510d76f020a40b124c" score = 75 quality = 90 
@@ -8525,8 +8525,8 @@ rule REVERSINGLABS_Win32_Ransomware_Retmydata : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.RetMyData.yara#L1-L79" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.RetMyData.yara#L1-L79" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "54ce38d75e9ab82a77b9c338f75e180e19ac745f149289c7478a4aa3b44d70fd" score = 75 quality = 90 @@ -8598,8 +8598,8 @@ rule REVERSINGLABS_Win32_Ransomware_Techandstrat : TC_DETECTION MALICIOUS MALWAR date = "2021-05-17" modified = "2021-05-17" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.TechandStrat.yara#L1-L106" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.TechandStrat.yara#L1-L106" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "80e201cf91adeee100e05af3ba5227fc61968bb6e0ce602107ba1217a7a62856" score = 75 quality = 90 
@@ -8695,8 +8695,8 @@ rule REVERSINGLABS_Win32_Ransomware_Plague17 : TC_DETECTION MALICIOUS MALWARE FI date = "2021-02-19" modified = "2021-02-19" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Plague17.yara#L1-L263" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Plague17.yara#L1-L263" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e0e518fc83a62d70b83df273c6ba469e6f0fdf9c035126428ec7561e04437b6f" score = 75 quality = 90 @@ -8941,8 +8941,8 @@ rule REVERSINGLABS_Win32_Ransomware_Jemd : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Jemd.yara#L1-L105" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Jemd.yara#L1-L105" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "552e0fc118031e953dee2e7c6bf8234a5a90de8c34b0e2724dfe99f2b28b8c51" score = 75 quality = 90 
@@ -9038,8 +9038,8 @@ rule REVERSINGLABS_Win32_Ransomware_FLKR : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.FLKR.yara#L1-L71" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.FLKR.yara#L1-L71" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4ab00ba82baceec9899556d3a774ec08c83c10930cec194e18e3b4e16ebacb58" score = 75 quality = 90 @@ -9112,8 +9112,8 @@ rule REVERSINGLABS_Win64_Ransomware_Curator : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-04-22" modified = "2021-04-22" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win64.Ransomware.Curator.yara#L1-L94" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win64.Ransomware.Curator.yara#L1-L94" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8bd29195cea0f1194e27c48ed07c52100abb7dd3de2ef7f51a645d32c3527eb3" score = 75 quality = 90 
@@ -9199,8 +9199,8 @@ rule REVERSINGLABS_Win32_Ransomware_Zerocrypt : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.ZeroCrypt.yara#L1-L94" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.ZeroCrypt.yara#L1-L94" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "947925206ded187eac31c5046d75ab017869ae3f8dc906f2e5536d4db219f108" score = 75 quality = 90 @@ -9296,8 +9296,8 @@ rule REVERSINGLABS_Win32_Ransomware_Winword64 : TC_DETECTION MALICIOUS MALWARE F date = "2021-02-11" modified = "2021-02-11" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.WinWord64.yara#L1-L215" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.WinWord64.yara#L1-L215" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "73d8c4f1b3bed365320b26332f1f1b49404d8e6536f3e25042f5f64e5bc09bd4" score = 75 quality = 90 
@@ -9498,8 +9498,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Dusk : TC_DETECTION MALICIOUS MALWAR date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.Dusk.yara#L1-L73" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.Dusk.yara#L1-L73" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b6b0b3be7c17115dc5f225a13228f8a4811d84ae095c3ceba2d89f569f2d40c7" score = 75 quality = 90 @@ -9564,8 +9564,8 @@ rule REVERSINGLABS_Win32_Ransomware_Hakunamatata : TC_DETECTION MALICIOUS MALWAR date = "2020-11-11" modified = "2020-11-11" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.HakunaMatata.yara#L1-L373" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.HakunaMatata.yara#L1-L373" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e363ff93fce286d60a3f5ea20ba3ec03564b7a5321c3f6448cc82187f23e8a9f" score = 75 quality = 90 
@@ -9925,8 +9925,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ragnarok : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Ragnarok.yara#L1-L110" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Ragnarok.yara#L1-L110" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "aaa17ab98b59a5c8c71a2b82a9bf29dd3a1a1719deaf08a3bafa77895bc10311" score = 75 quality = 90 @@ -10029,8 +10029,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cryptowall : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.CryptoWall.yara#L3-L312" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.CryptoWall.yara#L3-L312" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "74baa04ee506732e0bb64a77cfd2d2216fcc978f13447ef07862e0116c093c14" score = 75 quality = 88 
@@ -10316,8 +10316,8 @@ rule REVERSINGLABS_Win32_Ransomware_Dharma : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Dharma.yara#L1-L108" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Dharma.yara#L1-L108" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6f33281523b462aaff68bb04f2f6869c3e6cd60cd9306ed80bb0c3e3b699f315" score = 75 quality = 90 @@ -10425,8 +10425,8 @@ rule REVERSINGLABS_Win32_Ransomware_Flamingo : TC_DETECTION MALICIOUS MALWARE FI date = "2021-04-14" modified = "2021-04-14" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Flamingo.yara#L1-L54" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Flamingo.yara#L1-L54" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "446c0d332af01c0fceb0356d5ab273eb55764869cc8343468b75625e5d4d1036" score = 75 quality = 90 
@@ -10477,8 +10477,8 @@ rule REVERSINGLABS_Win32_Ransomware_Jamper : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Jamper.yara#L1-L110" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Jamper.yara#L1-L110" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "826f8fa7cc92b279c609a9ab6a87c32940e37b4c2476854af75bbed29cb3eaf2" score = 75 quality = 90 @@ -10580,8 +10580,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sherminator : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Sherminator.yara#L1-L157" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Sherminator.yara#L1-L157" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "22ac61b95f6ca4530e81a23fdd05be93e368647ca7100097a94eae3c6ce3b7d1" score = 75 quality = 90 
@@ -10726,8 +10726,8 @@ rule REVERSINGLABS_Linux_Ransomware_Redalert : TC_DETECTION MALICIOUS MALWARE FI date = "2022-09-01" modified = "2022-09-01" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Linux.Ransomware.RedAlert.yara#L1-L146" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Linux.Ransomware.RedAlert.yara#L1-L146" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "fe0d10c2ef1dacdb5374f319e470274b91f4f171db49de8c89e8aaa9aa75a45c" score = 75 quality = 90 @@ -10860,8 +10860,8 @@ rule REVERSINGLABS_Win32_Ransomware_Avoslocker : TC_DETECTION MALICIOUS MALWARE date = "2021-10-22" modified = "2021-10-22" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.AvosLocker.yara#L1-L108" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.AvosLocker.yara#L1-L108" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4d81b801a95a54a35989c4a985d92578971568d1412f625bca911d0fa1eee1fe" score = 75 quality = 90 
@@ -10958,8 +10958,8 @@ rule REVERSINGLABS_Win64_Ransomware_Rook : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-01-17" modified = "2022-01-17" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win64.Ransomware.Rook.yara#L1-L122" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win64.Ransomware.Rook.yara#L1-L122" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "dc8b37e55b634de52855dd851dbaaf3e690adfb2e875d0e0c9ef5f4846c6ff30" score = 75 quality = 90 @@ -11068,8 +11068,8 @@ rule REVERSINGLABS_Win32_Ransomware_Tblocker : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.TBLocker.yara#L1-L85" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.TBLocker.yara#L1-L85" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "81f0077655ac0e59cd8dc05be602ae500c938668bd57d3cf4a51fbff2a5b6b83" score = 75 quality = 90 
@@ -11148,8 +11148,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Ghostencryptor : TC_DETECTION MALICI date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.GhosTEncryptor.yara#L1-L69" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.GhosTEncryptor.yara#L1-L69" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "85c1f6e5acf746388b0a9ddeb1f0ad1d2219fff7358c9a981849863155c13e3c" score = 75 quality = 90 @@ -11209,8 +11209,8 @@ rule REVERSINGLABS_Win32_Ransomware_Desucrypt : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.DesuCrypt.yara#L1-L93" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.DesuCrypt.yara#L1-L93" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "bd3ba8ea0fc16aad859a73628d0eda180d49298162fe239acf81c7c4e371eaad" score = 75 quality = 90 
@@ -11300,8 +11300,8 @@ rule REVERSINGLABS_Win32_Ransomware_5Ss5C : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.5ss5c.yara#L1-L267" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.5ss5c.yara#L1-L267" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "74fcec568906a01dade7091c63cffbe4afa49c4705d9c1f21d10b4eee655a805" score = 75 quality = 90 @@ -11550,8 +11550,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Fantom : TC_DETECTION MALICIOUS MALW date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.Fantom.yara#L1-L97" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.Fantom.yara#L1-L97" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f2aaa9776b7ca302052b3303d45df24cc151a4efc7ea9f4bb3c1f53d10ded03a" score = 75 quality = 90 
@@ -11644,8 +11644,8 @@ rule REVERSINGLABS_Win32_Ransomware_Archiveus : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Archiveus.yara#L3-L50" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Archiveus.yara#L3-L50" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2b8a42b98ab3e8b97d2e226e979f342a6a72f21d8f068f59c21ad95764077f8a" score = 75 quality = 90 @@ -11693,8 +11693,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ferrlock : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Ferrlock.yara#L1-L131" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Ferrlock.yara#L1-L131" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b94bc77489dbb74573813631009e605bc848e17995a0a512d08b194ee3020b75" score = 75 quality = 90 
@@ -11811,8 +11811,8 @@ rule REVERSINGLABS_Win64_Ransomware_Vovalex : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-03-12" modified = "2021-03-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win64.Ransomware.Vovalex.yara#L1-L81" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win64.Ransomware.Vovalex.yara#L1-L81" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0c0f065224988bcba45b5aba2dceb080479b0bab235d544daabc3cae72e48318" score = 75 quality = 90 @@ -11889,8 +11889,8 @@ rule REVERSINGLABS_Win32_Ransomware_Alcatraz : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-28" modified = "2020-07-28" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Alcatraz.yara#L1-L91" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Alcatraz.yara#L1-L91" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ddd35c8da0c08bce17cacfba8bb8a8b8a8c08c3e59261a88a79c63b03d29000f" score = 75 quality = 90 
@@ -11983,8 +11983,8 @@ rule REVERSINGLABS_Win32_Ransomware_Shadowcryptor : TC_DETECTION MALICIOUS MALWA date = "2021-02-11" modified = "2021-02-11" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.ShadowCryptor.yara#L1-L89" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.ShadowCryptor.yara#L1-L89" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "875150db9fc36cd992988bba7d0c05487418b901980bf428ebd427c82fbcacd7" score = 75 quality = 90 @@ -12065,8 +12065,8 @@ rule REVERSINGLABS_Win32_Ransomware_Maktub : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Maktub.yara#L1-L116" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Maktub.yara#L1-L116" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ee3213213e9521f7d19ce6340cd2f98057c22b1188ceefc30c17c18b6ec54e20" score = 75 quality = 90 
@@ -12184,8 +12184,8 @@ rule REVERSINGLABS_Linux_Ransomware_Killdisk : TC_DETECTION MALICIOUS MALWARE FI
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Linux.Ransomware.KillDisk.yara#L1-L144"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Linux.Ransomware.KillDisk.yara#L1-L144"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "3ed1fb2b7b24cd4d5100d93ed53a9ab28e1482bd0998a0538d8710a962ee839f"
 score = 75
 quality = 90
@@ -12323,8 +12323,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ako : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Ako.yara#L1-L152"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Ako.yara#L1-L152"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "488e9b528f75fcfaa8dd19859801e6e5a73575c33cd70c98ebaa9ae93025018b"
 score = 75
 quality = 90
@@ -12464,8 +12464,8 @@ rule REVERSINGLABS_Win32_Ransomware_Asn1Encoder : TC_DETECTION MALICIOUS MALWARE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.ASN1Encoder.yara#L1-L136"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.ASN1Encoder.yara#L1-L136"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "000fd846fa5f09af19ead4623bb5a8eb51cdb4c751013569bf070710d3e0d61d"
 score = 75
 quality = 90
@@ -12592,8 +12592,8 @@ rule REVERSINGLABS_Win64_Ransomware_Redroman : TC_DETECTION MALICIOUS MALWARE FI
 date = "2021-05-10"
 modified = "2021-05-10"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win64.Ransomware.RedRoman.yara#L1-L82"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win64.Ransomware.RedRoman.yara#L1-L82"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "6fb2ac0e7f7ac095766e27c057e5124406dc493c08d01a7e5381403d794c7240"
 score = 75
 quality = 90
@@ -12671,8 +12671,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cryptofortress : TC_DETECTION MALICIOUS MALW
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.CryptoFortress.yara#L1-L162"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.CryptoFortress.yara#L1-L162"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "474893b63523de5ff9eb8a0c91b0677b99ce65056af7f5d02a73e43fa65453c9"
 score = 75
 quality = 90
@@ -12819,8 +12819,8 @@ rule REVERSINGLABS_Win32_Ransomware_Xorist : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Xorist.yara#L1-L150"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Xorist.yara#L1-L150"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "c428838cdd103f62508a23c9333b08567625291e110aa437324ecf37c62dca36"
 score = 75
 quality = 90
@@ -12952,8 +12952,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ransomplus : TC_DETECTION MALICIOUS MALWARE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.RansomPlus.yara#L1-L95"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.RansomPlus.yara#L1-L95"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "8ab18c6bcb939eac0e74f015dea773141b5086c5fcb4783666eeac1f395bc208"
 score = 75
 quality = 90
@@ -13049,8 +13049,8 @@ rule REVERSINGLABS_Win32_Ransomware_MZP : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.MZP.yara#L1-L147"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.MZP.yara#L1-L147"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "724ae1033bfb8ff494b30e6b3333e6c848375f1b001b75e71c9444c9f9f31251"
 score = 75
 quality = 90
@@ -13180,8 +13180,8 @@ rule REVERSINGLABS_Win32_Ransomware_Killdisk : TC_DETECTION MALICIOUS MALWARE FI
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.KillDisk.yara#L1-L80"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.KillDisk.yara#L1-L80"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "6148e6fc1363ff8995a9100e07139bfa658c72892db4d30a973bad0f2b3e6c3f"
 score = 75
 quality = 90
@@ -13263,8 +13263,8 @@ rule REVERSINGLABS_Linux_Ransomware_Gwisinlocker : TC_DETECTION MALICIOUS MALWAR
 date = "2022-10-11"
 modified = "2022-10-11"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Linux.Ransomware.GwisinLocker.yara#L1-L354"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Linux.Ransomware.GwisinLocker.yara#L1-L354"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "c23c0b73bbefbd644ffe1398e1f14eec3a89945cb3c3ccbc6f46c57046b53505"
 score = 75
 quality = 90
@@ -13572,8 +13572,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sevensevenseven : TC_DETECTION MALICIOUS MAL
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.SevenSevenSeven.yara#L1-L148"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.SevenSevenSeven.yara#L1-L148"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "583a8ac746cd749bd3927f10c864a3ac84f82f8bbd8d0ebf117e22b016d7ca94"
 score = 75
 quality = 90
@@ -13697,8 +13697,8 @@ rule REVERSINGLABS_Win32_Ransomware_DMR : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.DMR.yara#L1-L214"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.DMR.yara#L1-L214"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "55e19f3017c2cc8355c27f9a516e611b58b108f15bfed41b88d5662b55677a59"
 score = 75
 quality = 90
@@ -13900,8 +13900,8 @@ rule REVERSINGLABS_Win32_Ransomware_Gandcrab : TC_DETECTION MALICIOUS MALWARE FI
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.GandCrab.yara#L1-L892"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.GandCrab.yara#L1-L892"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "79381635681482fc90defe4e10e97bf16d534837518fc06ae579822e9d77b461"
 score = 75
 quality = 88
@@ -14750,8 +14750,8 @@ rule REVERSINGLABS_Win32_Ransomware_Reveton : TC_DETECTION MALICIOUS MALWARE FIL
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Reveton.yara#L1-L118"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Reveton.yara#L1-L118"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "2d316c558cdb5591788ef89c6e20327882a118f2928f4a31fb5b8b3083931ac5"
 score = 75
 quality = 90
@@ -14862,8 +14862,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sanwai : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2021-11-11"
 modified = "2021-11-11"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Sanwai.yara#L1-L71"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Sanwai.yara#L1-L71"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "a7a95b2403fe539dce0d856cc1c04d15440677ea39c0a22e818b42333a64e92c"
 score = 75
 quality = 90
@@ -14927,8 +14927,8 @@ rule REVERSINGLABS_Win32_Ransomware_Mountlocker : TC_DETECTION MALICIOUS MALWARE
 date = "2021-03-25"
 modified = "2021-03-25"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.MountLocker.yara#L1-L86"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.MountLocker.yara#L1-L86"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "d203217c229d54802e96e19dc66d38ecb0443d19e0492efe337df471a99559dc"
 score = 75
 quality = 90
@@ -15009,8 +15009,8 @@ rule REVERSINGLABS_Win32_Ransomware_Revil : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Revil.yara#L1-L101"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Revil.yara#L1-L101"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "24a79477eb797d7a7121d1248ebbece833ccd256de55729ff96084135ce8d426"
 score = 75
 quality = 90
@@ -15100,8 +15100,8 @@ rule REVERSINGLABS_Win32_Ransomware_Satana : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Satana.yara#L1-L123"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Satana.yara#L1-L123"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "5deb6ac2e8b64fb6f7af8c41a9b9e695668ca66c96c65f0c7350b11cd4ae0c50"
 score = 75
 quality = 90
@@ -15215,8 +15215,8 @@ rule REVERSINGLABS_Win32_Ransomware_Medusalocker : TC_DETECTION MALICIOUS MALWAR
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.MedusaLocker.yara#L1-L174"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.MedusaLocker.yara#L1-L174"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "73f915d476d1411d2e008d00c5ffa03596e3b62bcdbc4d91dc7226599a066c08"
 score = 75
 quality = 90
@@ -15368,8 +15368,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Khonsari : TC_DETECTION MALICIOUS MA
 date = "2022-01-27"
 modified = "2022-01-27"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.Khonsari.yara#L1-L68"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.Khonsari.yara#L1-L68"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "f1003b7863215bcd8e5cdce8ce40551105fb668ea2b8ac765909f9fa5373e6ca"
 score = 75
 quality = 90
@@ -15430,8 +15430,8 @@ rule REVERSINGLABS_Win64_Ransomware_Solaso : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2021-11-02"
 modified = "2021-11-02"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win64.Ransomware.Solaso.yara#L1-L171"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win64.Ransomware.Solaso.yara#L1-L171"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "368a80a9f2e264d17c61d6ed4c22baec838ba0b0bc2e5c79344830bf861aa5a2"
 score = 75
 quality = 90
@@ -15592,8 +15592,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Tarrak : TC_DETECTION MALICIOUS MALW
 date = "2021-09-06"
 modified = "2021-09-06"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.TaRRaK.yara#L1-L96"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.TaRRaK.yara#L1-L96"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "a8c4c4a501d94da94ae4a2e1eb2846e841249659be64dd45f46584885d000635"
 score = 75
 quality = 90
@@ -15674,8 +15674,8 @@ rule REVERSINGLABS_Win32_Ransomware_Wasplocker : TC_DETECTION MALICIOUS MALWARE
 date = "2022-06-28"
 modified = "2022-06-28"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.WaspLocker.yara#L1-L76"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.WaspLocker.yara#L1-L76"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "852ec52328fca36d651e3176ac33a57ce26cefecadc2aad27235548e5b9813c1"
 score = 75
 quality = 90
@@ -15744,8 +15744,8 @@ rule REVERSINGLABS_Win32_Ransomware_Blitzkrieg : TC_DETECTION MALICIOUS MALWARE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Blitzkrieg.yara#L1-L127"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Blitzkrieg.yara#L1-L127"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "22dd16c886a1982186fe927e633be9951da7d7e664e877e11fa976696b2bc86f"
 score = 75
 quality = 90
@@ -15861,8 +15861,8 @@ rule REVERSINGLABS_Win32_Ransomware_Teslacrypt : TC_DETECTION MALICIOUS MALWARE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Teslacrypt.yara#L1-L665"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Teslacrypt.yara#L1-L665"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "cc054be68d833d9f29a4ebd1c202922881b0d22a2605edc7def1048dc08f6325"
 score = 75
 quality = 65
@@ -16454,8 +16454,8 @@ rule REVERSINGLABS_Win32_Ransomware_Gomer : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-10-08"
 modified = "2020-10-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Gomer.yara#L1-L106"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Gomer.yara#L1-L106"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "a53d37fcb877a12a4969a6ea1aaa67fc4106c3fbdd80a4fd39ad5a66a9df47fc"
 score = 75
 quality = 90
@@ -16552,8 +16552,8 @@ rule REVERSINGLABS_Win32_Ransomware_Vegalocker : TC_DETECTION MALICIOUS MALWARE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.VegaLocker.yara#L1-L100"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.VegaLocker.yara#L1-L100"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "8616e72fc435676179e83a304d4111c8f29ebf3cd79ff5b2d229cca8fc97c2a3"
 score = 75
 quality = 90
@@ -16648,8 +16648,8 @@ rule REVERSINGLABS_Win32_Ransomware_Prometey : TC_DETECTION MALICIOUS MALWARE FI
 date = "2021-06-07"
 modified = "2021-06-07"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Prometey.yara#L1-L156"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Prometey.yara#L1-L156"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "f14c9605e2d375176b461fd396be66754b0ace7dcaada8ca33ad86f6eda10b73"
 score = 75
 quality = 90
@@ -16794,8 +16794,8 @@ rule REVERSINGLABS_Win32_Ransomware_Monalisa : TC_DETECTION MALICIOUS MALWARE FI
 date = "2022-05-13"
 modified = "2022-05-13"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Monalisa.yara#L1-L83"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Monalisa.yara#L1-L83"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "0bcb79dff111ec05ac93bbe9a777546bd6234dc60d9f6982c03cd0bc3b26b038"
 score = 75
 quality = 90
@@ -16867,8 +16867,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ransoc : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Ransoc.yara#L1-L114"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Ransoc.yara#L1-L114"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "1f48f1b713c18b099e863d8a11e872ae84df0ea355f01cba765e8333d8d98575"
 score = 75
 quality = 90
@@ -16983,8 +16983,8 @@ rule REVERSINGLABS_Win32_Ransomware_Buran : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Buran.yara#L1-L91"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Buran.yara#L1-L91"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "5606e0acecd99ccf2feaa995353211302903a09bb2c4ec65903566215e2d5ca4"
 score = 75
 quality = 90
@@ -17067,8 +17067,8 @@ rule REVERSINGLABS_Win32_Ransomware_Montserrat : TC_DETECTION MALICIOUS MALWARE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Montserrat.yara#L1-L118"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Montserrat.yara#L1-L118"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "c8782a8cb2b87e76ff1f804ee8affd01405827d0914ea725bb0e9ddace7dde10"
 score = 75
 quality = 90
@@ -17176,8 +17176,8 @@ rule REVERSINGLABS_Win32_Ransomware_Major : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2021-01-26"
 modified = "2021-01-26"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Major.yara#L1-L261"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Major.yara#L1-L261"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "16fb7763e3806fca6937fef7e8b3d8bccd61cb39549061d359d630c7d266c270"
 score = 75
 quality = 90
@@ -17423,8 +17423,8 @@ rule REVERSINGLABS_Win32_Ransomware_Targetcompany : TC_DETECTION MALICIOUS MALWA
 date = "2021-09-27"
 modified = "2021-09-27"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.TargetCompany.yara#L1-L141"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.TargetCompany.yara#L1-L141"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "05fa81afa8aa1e3b9955ad24a274ddef4fb32d678902af7aae6d6c67ed3bf0fd"
 score = 75
 quality = 90
@@ -17551,8 +17551,8 @@ rule REVERSINGLABS_Win32_Ransomware_Zhen : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2021-04-28"
 modified = "2021-04-28"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Zhen.yara#L1-L176"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Zhen.yara#L1-L176"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "17b24e7baeccd90b8695eb8d21d9ee4a317806ed7713252d315d06bee3f93e65"
 score = 75
 quality = 90
@@ -17716,8 +17716,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sepsis : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Sepsis.yara#L1-L126"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Sepsis.yara#L1-L126"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "171ad074a780b45195c6e02b111b3883c58a4028e635c4d6b8ce27c5e05e35d7"
 score = 75
 quality = 90
@@ -17833,8 +17833,8 @@ rule REVERSINGLABS_Win32_Ransomware_Teslarvng : TC_DETECTION MALICIOUS MALWARE F date = "2020-12-14" modified = "2020-12-14" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Teslarvng.yara#L1-L137" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Teslarvng.yara#L1-L137" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "670621aa196a80fbb694e4b1690d7da60e881c5b826133939e61cd6c2406ea98" score = 75 quality = 90 @@ -17961,8 +17961,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ryuk : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Ryuk.yara#L1-L199" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Ryuk.yara#L1-L199" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "bf93892b281be20917656e242cbb0f3b3694439556b7e5e40a424ba1aa909105" score = 75 quality = 90 
@@ -18148,8 +18148,8 @@ rule REVERSINGLABS_Win32_Ransomware_Gibon : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Gibon.yara#L1-L122" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Gibon.yara#L1-L122" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "cace0f35529307487f39aace6ae8989c7b878f82ebe890b256dfac563551a099" score = 75 quality = 90 @@ -18265,8 +18265,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Apis : TC_DETECTION MALICIOUS MALWAR date = "2021-11-25" modified = "2021-11-25" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.Apis.yara#L1-L75" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.Apis.yara#L1-L75" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0915469884a268f124da348d6a182eb4a0f69063d4041b46628794ab011227ef" score = 75 quality = 90 
@@ -18334,8 +18334,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ladon : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Ladon.yara#L1-L101" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Ladon.yara#L1-L101" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "979e3f3bf6a67bf10b6bfdd2eeb722d8836096076b7e88c6d4aca041a1a9eecb" score = 75 quality = 90 @@ -18428,8 +18428,8 @@ rule REVERSINGLABS_Win32_Ransomware_Koxic : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-04-21" modified = "2022-04-21" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Koxic.yara#L1-L87" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Koxic.yara#L1-L87" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "739faf047b95fd538422a42943fcaad6538549bf4cf33ed91385c61365af4f09" score = 75 quality = 90 
@@ -18508,8 +18508,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Eternity : TC_DETECTION MALICIOUS MA date = "2022-07-22" modified = "2022-07-22" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.Eternity.yara#L1-L74" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.Eternity.yara#L1-L74" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a2298a26e9bbe2b779eb2afeeda28d4321bc2d26db46bbb377bf86abaf8fa929" score = 75 quality = 90 @@ -18572,8 +18572,8 @@ rule REVERSINGLABS_Win32_Ransomware_Dragon : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-10-30" modified = "2020-10-30" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Dragon.yara#L1-L149" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Dragon.yara#L1-L149" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7298c5681deaf04abb6a656cefc09b5ee4096ff7a5028caab1d7b107e97be90a" score = 75 quality = 90 
@@ -18708,8 +18708,8 @@ rule REVERSINGLABS_Win32_Ransomware_Marlboro : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-23" modified = "2020-07-23" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Marlboro.yara#L1-L117" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Marlboro.yara#L1-L117" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d36c3cf52af47e9f638f58aabc19298e8c58831c3083f82e4c194319503eeaaa" score = 75 quality = 90 @@ -18820,8 +18820,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Cobralocker : TC_DETECTION MALICIOUS date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Bytecode.MSIL.Ransomware.CobraLocker.yara#L1-L59" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Bytecode.MSIL.Ransomware.CobraLocker.yara#L1-L59" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "95f4c645c7c237d23b5028f824f78a5f9f8f0a4737b391d877582afe08264d7e" score = 75 quality = 90 
@@ -18877,8 +18877,8 @@ rule REVERSINGLABS_Win32_Ransomware_PXJ : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.PXJ.yara#L1-L158" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.PXJ.yara#L1-L158" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e88d27dcd7ad3af459bd7e34fcc827822365441446b0e4e7bbec399c9a948cb7" score = 75 quality = 90 @@ -19027,8 +19027,8 @@ rule REVERSINGLABS_Win32_Ransomware_Bitcrypt : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.BitCrypt.yara#L3-L112" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.BitCrypt.yara#L3-L112" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "66cfe16a182e7f20d6358be9569ada5e6c36c94d44781d8c741638e1b174d44e" score = 75 quality = 90 
@@ -19134,8 +19134,8 @@ rule REVERSINGLABS_Win32_Ransomware_Telecrypt : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.TeleCrypt.yara#L1-L109" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.TeleCrypt.yara#L1-L109" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "9d856eae4369cd7ba1d88bd6ef37931e069127e2c05a84a44f5274f681e83fc0" score = 75 quality = 90 @@ -19242,8 +19242,8 @@ rule REVERSINGLABS_Win32_Ransomware_Wastedlocker : TC_DETECTION MALICIOUS MALWAR date = "2020-12-07" modified = "2020-12-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Wastedlocker.yara#L1-L86" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Wastedlocker.yara#L1-L86" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0899d3cc3bcea8eae60689a54f34e57bdc52088c879c8420b8e6d0b1969cb186" score = 75 quality = 90 
@@ -19324,8 +19324,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ophionlocker : TC_DETECTION MALICIOUS MALWAR date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.OphionLocker.yara#L1-L105" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.OphionLocker.yara#L1-L105" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3c54a948a6a45ec5f5bc32fbbdbc8822f402b1332e9109b20b90635464dbe2ac" score = 75 quality = 90 @@ -19429,8 +19429,8 @@ rule REVERSINGLABS_Win32_Ransomware_Zeoticus : TC_DETECTION MALICIOUS MALWARE FI date = "2021-03-19" modified = "2021-03-19" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Zeoticus.yara#L1-L90" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Zeoticus.yara#L1-L90" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "adf42b96139ad98f4253f3eba2c4af1be9545825605e0851185cc15284d9e9a0" score = 75 quality = 90 
@@ -19512,8 +19512,8 @@ rule REVERSINGLABS_Win32_Ransomware_FCT : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.FCT.yara#L1-L86" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.FCT.yara#L1-L86" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b158ad56c92a926f7398a27b3576c259e39c9716ef192fa5944ce3cffdc6d7d0" score = 75 quality = 90 @@ -19594,8 +19594,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Ghostbin : TC_DETECTION MALICIOUS MA date = "2021-09-06" modified = "2021-09-06" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.Ghostbin.yara#L1-L61" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.Ghostbin.yara#L1-L61" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3881e1c83ac2a31fdd8a081d3e6e6ea759771dbc183c3af9528930619bcddf9e" score = 75 quality = 90 
@@ -19649,8 +19649,8 @@ rule REVERSINGLABS_Win32_Ransomware_Spora : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Spora.yara#L1-L124" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Spora.yara#L1-L124" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4e18bb42277ce9194bf75fa45d95ea7e2bd51c5d7791d3d6e013fc07626e65b0" score = 75 quality = 90 @@ -19772,8 +19772,8 @@ rule REVERSINGLABS_Win32_Ransomware_Motocos : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-09-17" modified = "2021-09-17" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Motocos.yara#L1-L75" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Motocos.yara#L1-L75" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "34b99847f029a291808f08ba6e6ae62a54e6fed5acc928fe4828054801786881" score = 75 quality = 90 
@@ -19841,8 +19841,8 @@ rule REVERSINGLABS_Win32_Ransomware_Bandarchor : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.BandarChor.yara#L1-L97" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.BandarChor.yara#L1-L97" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1c0c33ef7de089fc7ed6b364c7693499d1a93f79a48d6f2a5c375e47aea176bc" score = 75 quality = 90 @@ -19936,8 +19936,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cryptojoker : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.CryptoJoker.yara#L1-L140" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.CryptoJoker.yara#L1-L140" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "42ee1e63ada1ae986f43a1300eda0b1fa7b54c26be31ef5637bb321defffbe40" score = 75 quality = 90 
@@ -20073,8 +20073,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ouroboros : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Ouroboros.yara#L1-L175" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Ouroboros.yara#L1-L175" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b573f303318452010ff46f21a02b6290820f9a27bf4c51b72f6ed15263b5f433" score = 75 quality = 90 @@ -20232,8 +20232,8 @@ rule REVERSINGLABS_Win32_Ransomware_Marsjoke : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.MarsJoke.yara#L1-L157" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.MarsJoke.yara#L1-L157" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "298b2fd99793a15b3537853289e1337648d3fa84f12038e6f6831741404b7c5c" score = 75 quality = 90 
@@ -20392,8 +20392,8 @@ rule REVERSINGLABS_Win32_Ransomware_Afrodita : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Afrodita.yara#L1-L119" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Afrodita.yara#L1-L119" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ce7cc445d4c1f59c25b9505fc1f7f9dd0d286ab80510e2977b50ff15433aea60" score = 75 quality = 90 @@ -20498,8 +20498,8 @@ rule REVERSINGLABS_Win64_Ransomware_Blackbasta : TC_DETECTION MALICIOUS MALWARE date = "2022-12-13" modified = "2022-12-13" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win64.Ransomware.BlackBasta.yara#L1-L293" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win64.Ransomware.BlackBasta.yara#L1-L293" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "79c81a4470e9eabbd714b1a91621c7b2bbe42d5371ba2c799529662d5f5c479a" score = 75 quality = 90 
@@ -20745,8 +20745,8 @@ rule REVERSINGLABS_Win32_Ransomware_Nemty : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Nemty.yara#L1-L205" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Nemty.yara#L1-L205" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "dc8cfdcdea8ecb2018b1b04bb1b645f6dbdc6c07357719100677c75945edef40" score = 75 quality = 90 @@ -20930,8 +20930,8 @@ rule REVERSINGLABS_Win32_Ransomware_Gpgqwerty : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.GPGQwerty.yara#L1-L83" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.GPGQwerty.yara#L1-L83" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e59adadd66b4d242ac7337ce4b3c3ec6c60724f4cf5b86305f1e31b88745928c" score = 75 quality = 90 
@@ -21010,8 +21010,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cryptobit : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.CryptoBit.yara#L1-L113" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.CryptoBit.yara#L1-L113" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ccc8a0f1c5e11211649992d0f2b309968c97b49f1c7359e62d622f364e117429" score = 75 quality = 90 @@ -21115,8 +21115,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sifrelendi : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Sifrelendi.yara#L1-L67" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Sifrelendi.yara#L1-L67" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "430d3877c10c86fcb19b5624dd8886d61e54ccd0453678329309b49712c6d5c6" score = 75 quality = 90 
@@ -21180,8 +21180,8 @@ rule REVERSINGLABS_Win32_Ransomware_Encoded01 : TC_DETECTION MALICIOUS MALWARE F date = "2021-12-16" modified = "2021-12-16" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Encoded01.yara#L1-L141" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Encoded01.yara#L1-L141" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f6f872290f15f4c564911bb099824c47cb13164457e1bcdb02dee441bc2d6b6a" score = 75 quality = 90 @@ -21309,8 +21309,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Hog : TC_DETECTION MALICIOUS MALWARE date = "2021-10-12" modified = "2021-10-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.Hog.yara#L1-L70" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.Hog.yara#L1-L70" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c5cbc79fee9083ed3befa6b0d348f2d38064bb9012b8f0ca11afd7137243866d" score = 75 quality = 90 
@@ -21372,8 +21372,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_EAF : TC_DETECTION MALICIOUS MALWARE date = "2022-07-22" modified = "2022-07-22" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.EAF.yara#L1-L89" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.EAF.yara#L1-L89" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3d10c852f95e8aa9bcd3543b96650b98ac57bcd2aa2b374e0badb63b5a4c0396" score = 75 quality = 90 @@ -21455,8 +21455,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cryptolocker : TC_DETECTION MALICIOUS MALWAR date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.CryptoLocker.yara#L3-L154" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.CryptoLocker.yara#L3-L154" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "08430b0c5689840d592bdda5dbc2ed06e0d0fa1e2c0f19aff4316580c6a0b23d" score = 75 quality = 90 
@@ -21595,8 +21595,8 @@ rule REVERSINGLABS_Win32_Ransomware_Erica : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Erica.yara#L1-L76" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Erica.yara#L1-L76" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "93512091943f3a3b395c38fa3b0f5ecdbbf1cdf967ccfea4d7145c940076e046" score = 75 quality = 90 @@ -21668,8 +21668,8 @@ rule REVERSINGLABS_Win32_Ransomware_Farattack : TC_DETECTION MALICIOUS MALWARE F date = "2022-06-21" modified = "2022-06-21" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.FarAttack.yara#L1-L93" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.FarAttack.yara#L1-L93" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "af22b8110c2b545f083b443c7a1fa7e7639324e9188eefadfe1fe70ebb1bb7fb" score = 75 quality = 90 
@@ -21754,8 +21754,8 @@ rule REVERSINGLABS_Win64_Ransomware_DST : TC_DETECTION MALICIOUS MALWARE FILE date = "2021-12-06" modified = "2021-12-06" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win64.Ransomware.DST.yara#L1-L170" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win64.Ransomware.DST.yara#L1-L170" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b658093232a2265d425e3b38758268c116bbac51fa5eed372b5b4f00de4c6880" score = 75 quality = 90 @@ -21913,8 +21913,8 @@ rule REVERSINGLABS_Win32_Ransomware_Fuxsocy : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-03-01" modified = "2021-03-01" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.FuxSocy.yara#L1-L114" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.FuxSocy.yara#L1-L114" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8b3c04eb5d60fcc82e47cb8e78da0a98642666546d6799baef24b56926e3aceb" score = 75 quality = 90 
@@ -22022,8 +22022,8 @@ rule REVERSINGLABS_Win32_Ransomware_Zeppelin : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Zeppelin.yara#L1-L109" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Zeppelin.yara#L1-L109" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8fb07e49d2ff9d497fb36a5d901748315ae519f5ef845d1a5ec6341d0eb1f68c" score = 75 quality = 90 @@ -22120,8 +22120,8 @@ rule REVERSINGLABS_Win32_Ransomware_Matsnu : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Matsnu.yara#L1-L116" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Matsnu.yara#L1-L116" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "76ef1b4a292f27ccd904e80f0279a7a327f7399a21f2266ef3ea959e5339ffac" score = 75 quality = 90 
@@ -22237,8 +22237,8 @@ rule REVERSINGLABS_Win32_Ransomware_NB65 : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-06-01" modified = "2022-06-01" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.NB65.yara#L1-L68" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.NB65.yara#L1-L68" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f8a0e265fc72a9f017b37ce4b6dbb878285a5d298ab1b8c69f9fde7159426981" score = 75 quality = 90 @@ -22299,8 +22299,8 @@ rule REVERSINGLABS_Win32_Ransomware_Bkransomware : TC_DETECTION MALICIOUS MALWAR date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.BKRansomware.yara#L1-L79" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.BKRansomware.yara#L1-L79" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3118098f05a13bd161af0cb1ec322878b371ff70b9f3815a04115a214c0965a2" score = 75 quality = 90 
@@ -22375,8 +22375,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Pacman : TC_DETECTION MALICIOUS MALW date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.Pacman.yara#L1-L68" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.Pacman.yara#L1-L68" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0634303a4db2631edb40a9435444f3bdc4bc6eb745c7e43a54478e54e7507403" score = 75 quality = 90 @@ -22446,8 +22446,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ragnarlocker : TC_DETECTION MALICIOUS MALWAR date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.RagnarLocker.yara#L1-L108" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.RagnarLocker.yara#L1-L108" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "398f0e5e003f87edf90cdea718be6b10470df317214d00db4dc6c4cccc5b6748" score = 75 quality = 90 
@@ -22548,8 +22548,8 @@ rule REVERSINGLABS_Win32_Ransomware_Globeimposter : TC_DETECTION MALICIOUS MALWA date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.GlobeImposter.yara#L1-L171" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.GlobeImposter.yara#L1-L171" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4345a767f270428f3b509fdad5a96bf9b494b190d3a836c4bf53dfd75da5bacb" score = 75 quality = 90 @@ -22700,8 +22700,8 @@ rule REVERSINGLABS_Win32_Ransomware_Antefrigus : TC_DETECTION MALICIOUS MALWARE date = "2021-03-05" modified = "2021-03-05" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.AnteFrigus.yara#L1-L210" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.AnteFrigus.yara#L1-L210" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b84c01da0ee97a4eb8bf099c71094f994feb4c7185ad75b8b2ccda5eee283a92" score = 75 quality = 90 
@@ -22897,8 +22897,8 @@ rule REVERSINGLABS_Win32_Ransomware_Denizkizi : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.DenizKizi.yara#L1-L88" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.DenizKizi.yara#L1-L88" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "fbeb01263d6f68141e094ba8fb1c1a54c601ab24292f5c6b0eb8cb0c49f46afc" score = 75 quality = 90 @@ -22979,8 +22979,8 @@ rule REVERSINGLABS_Win32_Ransomware_Blackcat : TC_DETECTION MALICIOUS MALWARE FI date = "2022-02-14" modified = "2022-02-14" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.BlackCat.yara#L1-L109" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.BlackCat.yara#L1-L109" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "24932baa625aedd14b5776ba3209c9ee330e84538c5267eeb5e09e352f655835" score = 75 quality = 90 
@@ -23076,8 +23076,8 @@ rule REVERSINGLABS_Win32_Ransomware_Princesslocker : TC_DETECTION MALICIOUS MALW date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.PrincessLocker.yara#L1-L92" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.PrincessLocker.yara#L1-L92" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "5be4ca3bd0b0afed1d2f3a59e2951d74a8de94c5a4d5a2c6cc29add49eab9ec0" score = 75 quality = 90 @@ -23171,8 +23171,8 @@ rule REVERSINGLABS_Win32_Ransomware_Thanatos : TC_DETECTION MALICIOUS MALWARE FI date = "2020-11-13" modified = "2020-11-13" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Thanatos.yara#L1-L85" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Thanatos.yara#L1-L85" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a51fa9cf1a08e4cd252a8b385be3bfde909585e2a799baaede977e40ecff5313" score = 75 quality = 90 
@@ -23253,8 +23253,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sifreli : TC_DETECTION MALICIOUS MALWARE FIL date = "2020-10-08" modified = "2020-10-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Sifreli.yara#L1-L119" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Sifreli.yara#L1-L119" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "48f6cc678bea81afece0ae203fb27b61e2c6e4f7188a3bd260190f568c9a8a06" score = 75 quality = 90 @@ -23362,8 +23362,8 @@ rule REVERSINGLABS_Win32_Ransomware_Fenixlocker : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.FenixLocker.yara#L1-L143" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.FenixLocker.yara#L1-L143" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "72712616df2c73c5c17696a7c5cb93f767910acf5f49cda27373fccfa29c5a4d" score = 75 quality = 90 
@@ -23505,8 +23505,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Harpoonlocker : TC_DETECTION MALICIO date = "2022-01-27" modified = "2022-01-27" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.HarpoonLocker.yara#L1-L96" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.HarpoonLocker.yara#L1-L96" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "20587f9dce5981934498d9979843a090224ba649def8b694adf7799b7060cc25" score = 75 quality = 90 @@ -23596,8 +23596,8 @@ rule REVERSINGLABS_Win32_Ransomware_Dirtydecrypt : TC_DETECTION MALICIOUS MALWAR date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.DirtyDecrypt.yara#L3-L112" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.DirtyDecrypt.yara#L3-L112" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "eb6a1c376b0739848b523e741d0d1ebdbc87056d51931fb94c744aa094d6479f" score = 75 quality = 90 
@@ -23702,8 +23702,8 @@ rule REVERSINGLABS_Win32_Ransomware_Networm : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-07-05" modified = "2021-07-05" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Networm.yara#L1-L103" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Networm.yara#L1-L103" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ff9bcb9868522f9d4abf2ab9f94d5b7c9b009e5c6d0cf832c7d052f18e048b31" score = 75 quality = 90 @@ -23797,8 +23797,8 @@ rule REVERSINGLABS_Win32_Ransomware_Kawaiilocker : TC_DETECTION MALICIOUS MALWAR date = "2020-08-17" modified = "2020-08-17" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.KawaiiLocker.yara#L1-L135" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.KawaiiLocker.yara#L1-L135" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d86b41ef1c43da55869ad26facd5efdf232277f0e33483690a69a04c4ba8f7da" score = 75 quality = 90 
@@ -23934,8 +23934,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Venom : TC_DETECTION MALICIOUS MALWA date = "2022-06-06" modified = "2022-06-06" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.Venom.yara#L1-L68" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.Venom.yara#L1-L68" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "5817ece6a1cc304835f7fc243c4cfdc3c7cacd2251a9ac294a6662b58d2552e8" score = 75 quality = 90 @@ -23996,8 +23996,8 @@ rule REVERSINGLABS_Win32_Ransomware_Babuk : TC_DETECTION MALICIOUS MALWARE FILE date = "2021-01-26" modified = "2021-01-26" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Babuk.yara#L1-L117" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Babuk.yara#L1-L117" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "70327b3f9d0b0505ade7ee6de6d7facf56820c7e8477bd172f738f374311144f" score = 75 quality = 90 
@@ -24105,8 +24105,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Timecrypt : TC_DETECTION MALICIOUS M date = "2021-12-06" modified = "2021-12-06" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.TimeCrypt.yara#L1-L69" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.TimeCrypt.yara#L1-L69" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6849d6d5010d7bcb4052c10d5bd7cc29320ffc986f36289b272a1e9a8d14fab9" score = 75 quality = 90 @@ -24164,8 +24164,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Thanos : TC_DETECTION MALICIOUS MALW date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.Thanos.yara#L1-L106" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.Thanos.yara#L1-L106" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f6bc0c2188a04d2fb2a82a6b6d6cdf7763c32047bec725fe07f01415edf0b4cd" score = 75 quality = 90 
@@ -24262,8 +24262,8 @@ rule REVERSINGLABS_Win64_Ransomware_Seedlocker : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win64.Ransomware.SeedLocker.yara#L1-L91" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win64.Ransomware.SeedLocker.yara#L1-L91" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a478efcfb03e3eeebe72d9a71629456cf061c3c779fbdde99539854caf8c7c33" score = 75 quality = 90 @@ -24355,8 +24355,8 @@ rule REVERSINGLABS_Win32_Ransomware_Nanolocker : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.NanoLocker.yara#L1-L79" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.NanoLocker.yara#L1-L79" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7fdb021f22d97bf8a00fd856ef913695a0d6fbaad1138b5a5cc2cc8768b130be" score = 75 quality = 90 
@@ -24435,8 +24435,8 @@ rule REVERSINGLABS_Win32_Ransomware_District : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.District.yara#L1-L194" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.District.yara#L1-L194" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "9ce395636fd7719f503726df82998e1ac72e9e80fd7a4534bd2251ac9283af38" score = 75 quality = 90 @@ -24613,8 +24613,8 @@ rule REVERSINGLABS_Win64_Ransomware_Albabat : TC_DETECTION MALICIOUS MALWARE FIL date = "2024-03-18" modified = "2024-03-18" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win64.Ransomware.Albabat.yara#L1-L139" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win64.Ransomware.Albabat.yara#L1-L139" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "38ec8388b9006f6ab9a397858b89f4bfd7def2ffcf525cfc736abae49bc6034a" score = 75 quality = 90 
@@ -24740,8 +24740,8 @@ rule REVERSINGLABS_Win32_Ransomware_Garrantydecrypt : TC_DETECTION MALICIOUS MAL date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.GarrantyDecrypt.yara#L1-L79" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.GarrantyDecrypt.yara#L1-L79" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7194c1e0e15a89f2c691a7d586b9db68295cc52a5f042d0f7eb558c326430444" score = 75 quality = 90 @@ -24822,8 +24822,8 @@ rule REVERSINGLABS_Win32_Ransomware_Blackbasta : TC_DETECTION MALICIOUS MALWARE date = "2022-12-13" modified = "2022-12-13" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.BlackBasta.yara#L1-L531" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.BlackBasta.yara#L1-L531" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c68671e51489af00e9e0cf28373e5ec01bda042653dbcca8843357eede41f27f" score = 75 quality = 88 
@@ -25226,8 +25226,8 @@ rule REVERSINGLABS_Win32_Ransomware_Crysis : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Crysis.yara#L1-L108" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Crysis.yara#L1-L108" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3c9250206f94ac65c1fc24e83cf8cdd76d10066086ef1f34ec14791d237c0263" score = 75 quality = 90 @@ -25330,8 +25330,8 @@ rule REVERSINGLABS_Win32_Ransomware_Defray : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Defray.yara#L1-L157" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Defray.yara#L1-L157" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "82d883c77f49e50edbc7af05a108d4d54a46dca7661e4d0cd8aeffa19cb8df98" score = 75 quality = 90 
@@ -25471,8 +25471,8 @@ rule REVERSINGLABS_Win32_Ransomware_Meow : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-10-24" modified = "2022-10-24" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Meow.yara#L1-L84" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Meow.yara#L1-L84" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b00753d2b150a815279297ddf40d70051d25de1c32bb90f5b706ea7fd36bb871" score = 75 quality = 90 @@ -25548,8 +25548,8 @@ rule REVERSINGLABS_Win32_Ransomware_Infodot : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-02-16" modified = "2021-02-16" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.InfoDot.yara#L1-L115" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.InfoDot.yara#L1-L115" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "24a1c25c1d70c21323417ae0892c613361c4bfc829737ef86b6fa7616ae668c6" score = 75 quality = 90 
@@ -25658,8 +25658,8 @@ rule REVERSINGLABS_Win32_Ransomware_Paradise : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Paradise.yara#L1-L81" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Paradise.yara#L1-L81" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "fc029bee999ec72416ac91d8386d4d270070035ad078bcab1dec11eea032c10b" score = 75 quality = 90 @@ -25741,8 +25741,8 @@ rule REVERSINGLABS_Win32_Ransomware_Jormungand : TC_DETECTION MALICIOUS MALWARE date = "2021-10-22" modified = "2021-10-22" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Jormungand.yara#L1-L135" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Jormungand.yara#L1-L135" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "049eb4533b37d8d72e50dd1e803a897758386643770d47b3e7690f58e44d5236" score = 75 quality = 90 
@@ -25861,12 +25861,12 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Oct : TC_DETECTION MALICIOUS MALWARE
 description = "Yara rule that detects Oct ransomware."
 author = "ReversingLabs"
 id = "e811a0ba-52df-5e88-ab71-df91d5cb584a"
- date = "2024-10-05"
- date = "2024-10-05"
+ date = "2024-10-12"
+ date = "2024-10-12"
 modified = "2021-08-12"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.Oct.yara#L1-L68"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.Oct.yara#L1-L68"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "3973794d6bf26eaa752cfc70a217c059a190c63a0dd92b06de7c0893d92d9e88"
 score = 75
 quality = 90
@@ -25926,8 +25926,8 @@ rule REVERSINGLABS_Win32_Ransomware_Avaddon : TC_DETECTION MALICIOUS MALWARE FIL
 date = "2020-10-19"
 modified = "2020-10-19"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Avaddon.yara#L1-L148"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Avaddon.yara#L1-L148"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "1b2c449d5bad02dd06cb4a980fcca1feaf02b1d8127096bb39deecbc544272a6"
 score = 75
 quality = 90
@@ -26061,8 +26061,8 @@ rule REVERSINGLABS_Win32_Ransomware_Petya : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Petya.yara#L3-L58"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Petya.yara#L3-L58"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "d2adafcb21b627d614eab79e64e2b96ad09fae796d0670452a19490d8781ce99"
 score = 75
 quality = 90
@@ -26118,8 +26118,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Timetime : TC_DETECTION MALICIOUS MA
 date = "2022-02-21"
 modified = "2022-02-21"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.TimeTime.yara#L1-L75"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.TimeTime.yara#L1-L75"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "43867dd793bc84e6f39ca2de1aff4047a742b295dc4df94cd337bd2ef89e4a62"
 score = 75
 quality = 90
@@ -26183,8 +26183,8 @@ rule REVERSINGLABS_Win32_Ransomware_Bananacrypt : TC_DETECTION MALICIOUS MALWARE
 date = "2020-09-14"
 modified = "2020-09-14"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.BananaCrypt.yara#L1-L103"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.BananaCrypt.yara#L1-L103"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "6bde4430e438947b0d7f10c4de11216929ec03af81b3d74f8b7bb8ed134d08d2"
 score = 75
 quality = 90
@@ -26281,8 +26281,8 @@ rule REVERSINGLABS_Win32_Ransomware_Dmalocker : TC_DETECTION MALICIOUS MALWARE F
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.DMALocker.yara#L1-L149"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.DMALocker.yara#L1-L149"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "107dbc4cacd9d451e9c6fe8aa91cd612f70ac767ee70f74f3a77d1e5548b054f"
 score = 75
 quality = 90
@@ -26422,8 +26422,8 @@ rule REVERSINGLABS_Win32_Ransomware_Crypren : TC_DETECTION MALICIOUS MALWARE FIL
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Crypren.yara#L1-L144"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Crypren.yara#L1-L144"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "7047d48782762e42544063fde6f2be62eb19f22853ea84abb5bce67c962da172"
 score = 75
 quality = 90
@@ -26554,8 +26554,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Wormlocker : TC_DETECTION MALICIOUS
 date = "2021-08-12"
 modified = "2021-08-12"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.WormLocker.yara#L1-L69"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.WormLocker.yara#L1-L69"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "87a4f805de78d7e7dffb176302407453108ca01552c682aeee38f8d0201263c9"
 score = 75
 quality = 90
@@ -26616,8 +26616,8 @@ rule REVERSINGLABS_Win64_Ransomware_Pandora : TC_DETECTION MALICIOUS MALWARE FIL
 date = "2022-06-01"
 modified = "2022-06-01"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win64.Ransomware.Pandora.yara#L1-L95"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win64.Ransomware.Pandora.yara#L1-L95"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "6576bde36ae9a9bc2e9dd878db788c608083b84d96d31e6898f48a264c6b7f1a"
 score = 75
 quality = 90
@@ -26701,12 +26701,12 @@ rule REVERSINGLABS_Win32_Ransomware_ONI : TC_DETECTION MALICIOUS MALWARE FILE
 description = "Yara rule that detects Oni ransomware."
 author = "ReversingLabs"
 id = "9190aee2-1119-546e-82ca-a7aba44a9d7f"
- date = "2024-05-05"
- date = "2024-05-05"
+ date = "2024-05-12"
+ date = "2024-05-12"
 modified = "2020-12-07"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Oni.yara#L1-L82"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Oni.yara#L1-L82"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "685abf5a5edba5bae19faaf6521ce617370cdab1404fe84d846e82a60182dfff"
 score = 75
 quality = 90
@@ -26780,8 +26780,8 @@ rule REVERSINGLABS_Win32_Ransomware_Chichi : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2022-02-14"
 modified = "2022-02-14"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.ChiChi.yara#L1-L66"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.ChiChi.yara#L1-L66"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "863a30e4c708e13ea0f4c6ad42a919de463926508783d6552c0cec746730baa5"
 score = 75
 quality = 90
@@ -26840,8 +26840,8 @@ rule REVERSINGLABS_Win32_Ransomware_Loocipher : TC_DETECTION MALICIOUS MALWARE F
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.LooCipher.yara#L1-L87"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.LooCipher.yara#L1-L87"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "aa0598d63b5fad6aea0945a0aa2030d3d6e2cd9f1fea16f3dd17cdceb68323e3"
 score = 75
 quality = 90
@@ -26921,8 +26921,8 @@ rule REVERSINGLABS_Win32_Ransomware_Braincrypt : TC_DETECTION MALICIOUS MALWARE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.BrainCrypt.yara#L1-L121"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.BrainCrypt.yara#L1-L121"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "85866d6ffa136bf3ed27bbab55ae5430af4a1363930ebacab0df9ad24f8734cb"
 score = 75
 quality = 90
@@ -27041,8 +27041,8 @@ rule REVERSINGLABS_Win32_Ransomware_Conti : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-12-14"
 modified = "2020-12-14"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Conti.yara#L1-L74"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Conti.yara#L1-L74"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "4f2b96c8eaf8d112a7bb60647db49616935a336396c705d39d5bb51dfd90c60b"
 score = 75
 quality = 90
@@ -27112,8 +27112,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Janelle : TC_DETECTION MALICIOUS MAL
 date = "2021-12-16"
 modified = "2021-12-16"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.Janelle.yara#L1-L96"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.Janelle.yara#L1-L96"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "49f1eac82930606183ab9cf1d5c6c42534d58735876134793e9712e78eb5a4c7"
 score = 75
 quality = 90
@@ -27201,8 +27201,8 @@ rule REVERSINGLABS_Win32_Ransomware_Lolkek : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-10-23"
 modified = "2020-10-23"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Lolkek.yara#L1-L106"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Lolkek.yara#L1-L106"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "d18545b25a33bba1a6e01ab37768bd4f15fb125dcb8cbe7909d9a8bbe08e63fa"
 score = 75
 quality = 90
@@ -27299,8 +27299,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Goodwill : TC_DETECTION MALICIOUS MA
 date = "2022-06-28"
 modified = "2022-06-28"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/ByteCode.MSIL.Ransomware.GoodWill.yara#L1-L89"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/ByteCode.MSIL.Ransomware.GoodWill.yara#L1-L89"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "94e2950f415ba737fe5ca9d32a3d850dd5744e547c4ca094ad28545e19033cb2"
 score = 75
 quality = 90
@@ -27377,8 +27377,8 @@ rule REVERSINGLABS_Win32_Ransomware_Makop : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-10-30"
 modified = "2020-10-30"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Makop.yara#L1-L99"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Makop.yara#L1-L99"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "0ff4739d32b4a775d07a5f22d551ed67025681d4986e4404c9a01ad4078468f3"
 score = 75
 quality = 90
@@ -27469,8 +27469,8 @@ rule REVERSINGLABS_Win32_Ransomware_Acepy : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2022-08-04"
 modified = "2022-08-04"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Acepy.yara#L1-L69"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Acepy.yara#L1-L69"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "92c543a0b8c3c884f83647119d32c7b46f5fe839694bb8a8de0146c5c77bc587"
 score = 75
 quality = 90
@@ -27530,8 +27530,8 @@ rule REVERSINGLABS_Win32_Ransomware_Balaclava : TC_DETECTION MALICIOUS MALWARE F
 date = "2020-10-01"
 modified = "2020-10-01"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Balaclava.yara#L1-L113"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Balaclava.yara#L1-L113"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "01b43e6ea7ceebdbdda7e1f7c5bd2439a460b8aed4a1837755fa3679e9893ff3"
 score = 75
 quality = 90
@@ -27635,8 +27635,8 @@ rule REVERSINGLABS_Win32_Ransomware_Notpetya : TC_DETECTION MALICIOUS MALWARE FI
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.NotPetya.yara#L1-L73"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.NotPetya.yara#L1-L73"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "328f0e527fee2145879ee13c003d375db832f7f3eacf7a1eb303393c1c8b5a36"
 score = 75
 quality = 90
@@ -27709,8 +27709,8 @@ rule REVERSINGLABS_Win32_Ransomware_HDMR : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.HDMR.yara#L1-L161"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.HDMR.yara#L1-L161"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "035c6596db8dc14a663679c1f7e682b85963927cc034b01e390cc22fdee3334a"
 score = 75
 quality = 90
@@ -27859,8 +27859,8 @@ rule REVERSINGLABS_Win32_Ransomware_Serpent : TC_DETECTION MALICIOUS MALWARE FIL
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Serpent.yara#L1-L122"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Serpent.yara#L1-L122"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "5e1917e8d23a5edc65ac423f3d18cc78c3848bd6c1ccc67d052eb37172857081"
 score = 75
 quality = 90
@@ -27983,8 +27983,8 @@ rule REVERSINGLABS_Linux_Ransomware_Luckyjoe : TC_DETECTION MALICIOUS MALWARE FI
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Linux.Ransomware.LuckyJoe.yara#L1-L146"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Linux.Ransomware.LuckyJoe.yara#L1-L146"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "1e7df2c45bee072af233cf8f355a84ec931fe96afa3fbdcd225dded1b75ea961"
 score = 75
 quality = 90
@@ -28119,8 +28119,8 @@ rule REVERSINGLABS_Win32_Ransomware_Bluelocker : TC_DETECTION MALICIOUS MALWARE
 date = "2022-08-04"
 modified = "2022-08-04"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.BlueLocker.yara#L1-L130"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.BlueLocker.yara#L1-L130"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "fbe5f246f4554e63b5da6a0aca169e8221a84fce18fd437ae7ad9b068e9ca576"
 score = 75
 quality = 90
@@ -28240,8 +28240,8 @@ rule REVERSINGLABS_Win32_Ransomware_Rokku : TC_DETECTION MALICIOUS MALWARE FILE
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Rokku.yara#L1-L147"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Rokku.yara#L1-L147"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "fefb342f8a9afac3b40c343b830f334225ff4198d55504846aa855acf5dfc9ba"
 score = 75
 quality = 90
@@ -28378,8 +28378,8 @@ rule REVERSINGLABS_Win32_Ransomware_Nefilim : TC_DETECTION MALICIOUS MALWARE FIL
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/ransomware/Win32.Ransomware.Nefilim.yara#L1-L150"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/ransomware/Win32.Ransomware.Nefilim.yara#L1-L150"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "fae0350e51aee2777475d2222848b30fd39fa39ceea260132b0c7fbc536b3a86"
 score = 75
 quality = 90
@@ -28514,8 +28514,8 @@ rule REVERSINGLABS_Win32_Infostealer_Stealc : TC_DETECTION MALICIOUS MALWARE FIL
 date = "2023-06-07"
 modified = "2023-06-07"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/infostealer/Win32.Infostealer.StealC.yara#L1-L57"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/infostealer/Win32.Infostealer.StealC.yara#L1-L57"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "bea1cf370150387eb185deff726e10e660e7eb571c20d22878def08b36f457bf"
 score = 75
 quality = 90
@@ -28565,8 +28565,8 @@ rule REVERSINGLABS_Win32_Infostealer_Projecthookpos : TC_DETECTION MALICIOUS MAL
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/infostealer/Win32.Infostealer.ProjectHookPOS.yara#L1-L98"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/infostealer/Win32.Infostealer.ProjectHookPOS.yara#L1-L98"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "b7534c9e905256aaf80f04b746a92c50689437b288f7e393ef13fde1740c4a4e"
 score = 75
 quality = 90
@@ -28660,8 +28660,8 @@ rule REVERSINGLABS_Win32_Infostealer_Lumarstealer : TC_DETECTION MALICIOUS MALWA
 date = "2023-12-07"
 modified = "2023-12-07"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/infostealer/Win32.Infostealer.LumarStealer.yara#L1-L190"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/infostealer/Win32.Infostealer.LumarStealer.yara#L1-L190"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "0bc9e12396b1e85f69b965e9ea50960c59c50aba40317fb4de8f6abd092ec7d2"
 score = 75
 quality = 90
@@ -28835,8 +28835,8 @@ rule REVERSINGLABS_Win32_Infostealer_Multigrainpos : TC_DETECTION MALICIOUS MALW
 date = "2020-07-15"
 modified = "2020-07-15"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/infostealer/Win32.Infostealer.MultigrainPOS.yara#L1-L88"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/infostealer/Win32.Infostealer.MultigrainPOS.yara#L1-L88"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "9808c95b850a54677c4132057b8372cabf0159920b7e0e6834a83f0d39c088fa"
 score = 75
 quality = 90
@@ -28921,8 +28921,8 @@ rule REVERSINGLABS_Cert_Blocklist_05E2E6A4Cd09Ea54D665B075Fe22A256 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L27-L43"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L27-L43"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "43da21d9c7ae9bfcc7fe4ee69f9d46cbce1954785d56c1d424b36deb8afe592e"
 score = 75
 quality = 90
@@ -28946,8 +28946,8 @@ rule REVERSINGLABS_Cert_Blocklist_77019A082385E4B73F569569C9F87Bb8 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L45-L61"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L45-L61"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "8613986005bdd30d92e633fa2058be5c43f1c530b9dc6d80ec953f12f6d66ce7"
 score = 75
 quality = 90
@@ -28971,8 +28971,8 @@ rule REVERSINGLABS_Cert_Blocklist_4F2Ef29Ca5F96E5777B82C62F34Fd3A6 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L63-L79"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L63-L79"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "e8f27c4a72f416a16acabb1de606fdde7dc694256809fdb952a25313dda0d34e"
 score = 75
 quality = 90
@@ -28996,8 +28996,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Cc1Db2Ad0A290A4Bfe7A5F336D6800C : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L81-L97"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L81-L97"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "c9f91edb525a02041bc20dff25ec58323f8fabd4d2a2eca63238ecb10ccef2a6"
 score = 75
 quality = 90
@@ -29021,8 +29021,8 @@ rule REVERSINGLABS_Cert_Blocklist_13C8351Aece71C731158980F575F4133 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L99-L115"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L99-L115"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "f96723845adc8030b72c119311103d5c2cf136e79de226d31141d8b925ce8e75"
 score = 75
 quality = 90
@@ -29046,8 +29046,8 @@ rule REVERSINGLABS_Cert_Blocklist_4531954F6265304055F66Ce4F624F95B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L117-L133" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L117-L133" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "58d3a2a5e3f6730f329bddb171ad6332794fa95848825b892c3b8324f503ae89" score = 75 quality = 90 @@ -29071,8 +29071,8 @@ rule REVERSINGLABS_Cert_Blocklist_0E808F231515Bc519Eea1A73Cdf3266F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L135-L151" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L135-L151" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "05e466e304ed7a8f5c1c93aac4a4b7019d6fb1e07aeb45d078b657f838d1f3bd" score = 75 quality = 90 
@@ -29096,8 +29096,8 @@ rule REVERSINGLABS_Cert_Blocklist_36Be4Ad457F062Fa77D87595B8Ccc8Cf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L153-L169" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L153-L169" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d19a6f22a1e702a4da69c867195722adf8f1dd84539f2c584af428fe4b1caf79" score = 75 quality = 90 @@ -29121,8 +29121,8 @@ rule REVERSINGLABS_Cert_Blocklist_75A38507Bf403B152125B8F5Ce1B97Ad : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L171-L187" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L171-L187" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "af21cee3ee92268c3aa0106a245e5a00c5ba892fca3e4fd2dc55e302ed5d470a" score = 75 quality = 90 
@@ -29146,8 +29146,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Effa8B216E24B16202940C1Bc2Fa8A5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L189-L205" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L189-L205" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b5282fc85bbbee50c5307fff923e9e477fed8c011288e2ebd61c4b3ee801bc62" score = 75 quality = 90 @@ -29171,8 +29171,8 @@ rule REVERSINGLABS_Cert_Blocklist_57D7153A89Bbf4729Be87F3C927043Aa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L207-L223" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L207-L223" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a8de7951bd25c8a9346ef341d8bf9c9147f9fa6913e952be40fb43d3d7a370c1" score = 75 quality = 90 
@@ -29196,8 +29196,8 @@ rule REVERSINGLABS_Cert_Blocklist_028E1Deccf93D38Ecf396118Dfe908B4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L225-L241" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L225-L241" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b07c797652ef19c7e0b23c3eddbbbf2700160d743d71a0005b950160474638d8" score = 75 quality = 90 @@ -29221,8 +29221,8 @@ rule REVERSINGLABS_Cert_Blocklist_40575Df73Eaa1B6140C7Ef62C08Bf216 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L243-L259" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L243-L259" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7da8e98f38413e5cbb18e3c7771c530afb766dd9fbeb8fdd2264617aff24f920" score = 75 quality = 90 
@@ -29246,8 +29246,8 @@ rule REVERSINGLABS_Cert_Blocklist_049Ce8C47F1F0E650Cb086F0Cfa7Ca53 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L261-L277" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L261-L277" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "9ae4a236e1252afc1db6fae4e388a53ebde7e724cc07c213d4bfc176cf0a0096" score = 75 quality = 90 @@ -29271,8 +29271,8 @@ rule REVERSINGLABS_Cert_Blocklist_29F42680E653Cf8Fafd0E935553F7E86 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L279-L295" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L279-L295" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6c726e4c2933a6472d256a18ea5265660ff035d05036ab9cae3409ab5a7c7598" score = 75 quality = 90 
@@ -29296,8 +29296,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C15 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L297-L313" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L297-L313" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1ee88813270dddeeedd90edbce9be2ce74303a6799ee64b0e9bfaea7377d3b2d" score = 75 quality = 90 @@ -29321,8 +29321,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C0F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L315-L331" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L315-L331" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0f8fda07dc362b7e04892446f1abe1e5f5717ee715824a2c1f6550096c366701" score = 75 quality = 90 
@@ -29346,8 +29346,8 @@ rule REVERSINGLABS_Cert_Blocklist_06A164Ec5978497741Ee6Cec9966871B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L333-L349" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L333-L349" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8a27015d94a3bd8543a8ca9202831ffc9c9e65f61bf26ed6825c3e746b6af0d4" score = 75 quality = 90 @@ -29371,8 +29371,8 @@ rule REVERSINGLABS_Cert_Blocklist_1121Ed568764E75Be35574448Feadefcd3Bc : INFO FI date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L351-L367" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L351-L367" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3316a2536920c5aa9dd627cec7678e6fe33c722b4830dd740009c20dd013c9ab" score = 75 quality = 90 
@@ -29396,8 +29396,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Ed2450Ceac0F72E73Fda1727E66E654 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L369-L385" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L369-L385" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0e5af7795c825367d441c8abc2aa835fa83083eb8ee1f723c7d2dacff1ca88ff" score = 75 quality = 90 @@ -29421,8 +29421,8 @@ rule REVERSINGLABS_Cert_Blocklist_32665079C5A5854A6833623Ca77Ff5Ac : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L387-L403" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L387-L403" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6b734ca733c5fbadcb490ffd4c19c951e0fc17dd9b660eca948b126038c42cdb" score = 75 quality = 90 
@@ -29446,8 +29446,8 @@ rule REVERSINGLABS_Cert_Blocklist_01A90094C83412C00Cf98Dd2Eb0D7042 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L405-L421" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L405-L421" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "5a3de0e6de5cda39e40988f9e2324cbee3e059aff5ceaf7fd819de8bf7215808" score = 75 quality = 90 @@ -29471,8 +29471,8 @@ rule REVERSINGLABS_Cert_Blocklist_55Efe24B9674855Baf16E67716479C71 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L423-L439" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L423-L439" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2cf7a76ae3c3a698564013ff545c74d0319face5aa19416c93bf10f45f84f8c9" score = 75 quality = 90 
@@ -29496,8 +29496,8 @@ rule REVERSINGLABS_Cert_Blocklist_094Bf19D509D3074913995160B195B6C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L441-L457" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L441-L457" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3c1ed012716f36876d9375838befb9821b87cafc6aca57a0f18392f80f5ba325" score = 75 quality = 90 @@ -29521,8 +29521,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A77Cf3Ba49B64E6Cbe5Fb4A6A6Aacc6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L459-L475" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L459-L475" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3bebc4a36b57526505167d8f075d468e4775d66c81ce08644c506d9be94efba0" score = 75 quality = 90 
@@ -29546,8 +29546,8 @@ rule REVERSINGLABS_Cert_Blocklist_1F4C22Da1107D20C1Eda04569D58E573 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L477-L493" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L477-L493" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "fe19c4b21c3b70ec571461ca6d9c370a971c01f2d68e3c3916aa1fa0f13b20f8" score = 75 quality = 90 @@ -29571,8 +29571,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Fe68D48634893D18De040D8F1C289D2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L495-L511" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L495-L511" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "41feebc8800a084ac369b5c5721b1362d371bd503b67823986bad2839157a4b0" score = 75 quality = 90 
@@ -29596,8 +29596,8 @@ rule REVERSINGLABS_Cert_Blocklist_6767Def972D6Ea702D8C8A53Af1832D3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L513-L529" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L513-L529" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "aa7f997449b4b8dcf488cfb7f45ee98ca540d39fb861f5b01ff4bb4aa1875b72" score = 75 quality = 90 @@ -29621,8 +29621,8 @@ rule REVERSINGLABS_Cert_Blocklist_06477E3425F1448995Ced539789E6842 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L531-L547" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L531-L547" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c0bc7808bb6bcc8273a887203c1b47d1a49fcb7719863e6bc97b5c7404a254f7" score = 75 quality = 90 
@@ -29646,8 +29646,8 @@ rule REVERSINGLABS_Cert_Blocklist_0450A7C1C36951Da09C8Ad0E7F716Ff2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L549-L565" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L549-L565" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "cb594607ceef1b8d79145ad3905fb2c38d2ed3f3e6c8a0a793fc2dc9d0a21855" score = 75 quality = 90 @@ -29671,8 +29671,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F9Fbdab9B39645Cf3211F87Abb5Ddb7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L567-L583" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L567-L583" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ba5885c7769b5ead261815880033b0df50dc4f7684fdb37398ab01bfebda0e37" score = 75 quality = 90 
@@ -29696,8 +29696,8 @@ rule REVERSINGLABS_Cert_Blocklist_4211D2E4F0E87127319302C55B85Bcf2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L585-L601" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L585-L601" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "edf9bbface7fe943dfa4f5a6e8469802ccdbd3de9d3e6b8fabebb024c21bb9a9" score = 75 quality = 90 @@ -29721,8 +29721,8 @@ rule REVERSINGLABS_Cert_Blocklist_07B44Cdbfffb78De05F4261672A67312 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L603-L619" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L603-L619" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c88a8543782fc49d8aa68f3fc8052bd3316d10118dfb2ef2eef5006de657b6f1" score = 75 quality = 90 
@@ -29746,8 +29746,8 @@ rule REVERSINGLABS_Cert_Blocklist_4F8B9A1Ba5E60C754Dbb40Ddee7905E2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L621-L637" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L621-L637" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2a0d07d47cd41db5dc170a29607b6c1f2e3b7c0785f83b211f68f9cb9368e350" score = 75 quality = 90 @@ -29771,8 +29771,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A389B95Ee736Dd13Bc0Ed743Fd74D2F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L639-L655" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L639-L655" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8b83e4aa47cea7cadf4b4a9f4e044478a62f4233e082fb52f9ed906d80a552aa" score = 75 quality = 90 
@@ -29796,8 +29796,8 @@ rule REVERSINGLABS_Cert_Blocklist_1A3Faaeb3A8B93B2394Fec36345996E6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L657-L673" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L657-L673" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a3bd9aaba8dbdb340b5d3013684584524eb08b11339985ba6ca0291b8c8bc692" score = 75 quality = 90 @@ -29821,8 +29821,8 @@ rule REVERSINGLABS_Cert_Blocklist_1A35Acce5B0C77206B1C3Dc2A6A2417C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L675-L691" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L675-L691" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ce161fdd511e0efa042516ead09c6ab5f8dcf54f2087cdccbfed8e7cdfbd25b2" score = 75 quality = 90 
@@ -29846,8 +29846,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Eb40Ea11Eaac847B050De9B59E25Bdc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L693-L709" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L693-L709" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d0e7ab78fb42c9a8f19cba8e6a8b15d584651a23f1088e1f311589d46145e963" score = 75 quality = 90 @@ -29871,8 +29871,8 @@ rule REVERSINGLABS_Cert_Blocklist_6724340Ddbc7252F7Fb714B812A5C04D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L711-L727" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L711-L727" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "bc72c2ca5f81198684233e23260831da5b9ef4e7ac5a25abbdb303eecc38bd53" score = 75 quality = 90 
@@ -29896,8 +29896,8 @@ rule REVERSINGLABS_Cert_Blocklist_0813Ee9B7B9D7C46001D6Bc8784Df1Dd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L729-L745" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L729-L745" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1a25a2f25fa8d5075113cbafb73e80e741268d6b2f9e629fd54ffca9e82409b0" score = 75 quality = 90 @@ -29921,8 +29921,8 @@ rule REVERSINGLABS_Cert_Blocklist_530591C61B5E1212F659138B7Cea0A97 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L747-L763" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L747-L763" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0ef01e542d145475713bbd373bdcdae5f25bfd823a60e7d40fe9a6b6039c83e0" score = 75 quality = 90 
@@ -29946,8 +29946,8 @@ rule REVERSINGLABS_Cert_Blocklist_07270Ff9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L765-L781" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L765-L781" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8f0da7c330464184fa1d5bf8d51dd8ad2e8637710a36972dcab03629cb57e910" score = 75 quality = 90 @@ -29971,8 +29971,8 @@ rule REVERSINGLABS_Cert_Blocklist_0727100D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L783-L799" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L783-L799" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a09f4004ed002b90d67a3baddde74832e6c7b70e8b330347ef169460750aa344" score = 75 quality = 90 
@@ -29996,8 +29996,8 @@ rule REVERSINGLABS_Cert_Blocklist_07271003 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L801-L817" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L801-L817" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "14c201b4fdda5b3553732a173a3d6705129c54f2a50d26997d63a77be8504285" score = 75 quality = 90 @@ -30021,8 +30021,8 @@ rule REVERSINGLABS_Cert_Blocklist_013134Bf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L819-L835" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L819-L835" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1ade100c310c22bce25bcc6687855bd4eb6364b64cf31514b2548509a16e4a36" score = 75 quality = 90 
@@ -30046,8 +30046,8 @@ rule REVERSINGLABS_Cert_Blocklist_01314476 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L837-L853" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L837-L853" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6f2f3f3ae009fbb9ebe589fc6b640be89c4a7b734eda515f182c7e9c9ffb4779" score = 75 quality = 90 @@ -30071,8 +30071,8 @@ rule REVERSINGLABS_Cert_Blocklist_013169B0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L855-L871" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L855-L871" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "354421ebad7fd0b73c9ba63630c91d481901ca9ec39be3c6b66843221e4b5aad" score = 75 quality = 90 
@@ -30096,8 +30096,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C76Da9C910C4E2C9Efe15D058933C4C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L873-L889" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L873-L889" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "883e93bff42161ba68f69fb17f7e78377d7f3cb6b6cdf72cffb4166466f8bc7b" score = 75 quality = 90 @@ -30121,8 +30121,8 @@ rule REVERSINGLABS_Cert_Blocklist_469C2Caf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L891-L907" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L891-L907" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2490dbd74a5d3eede494d284f96af835c270d2fb0752b887aadbaf92bf34e6d4" score = 75 quality = 90 
@@ -30146,8 +30146,8 @@ rule REVERSINGLABS_Cert_Blocklist_469C3Cc9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L909-L925" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L909-L925" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7327b7cbeb616bc46c82975aed6b3ea1caafa74fd431e2d98ca55b00851e22c8" score = 75 quality = 90 @@ -30171,8 +30171,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A82Bd1E144E8814D75B1A5527Bebf3E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L927-L943" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L927-L943" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2534e58ce1e5adbb10dbacb664d40cc32faec341bdb93b926cc85b666cc7b77e" score = 75 quality = 90 
@@ -30196,8 +30196,8 @@ rule REVERSINGLABS_Cert_Blocklist_469C2Cb0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L945-L961" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L945-L961" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "67ff84475cbe231f97daa3ce623689e7936db8e56be562778f8a4c1ebf7bf316" score = 75 quality = 90 @@ -30221,8 +30221,8 @@ rule REVERSINGLABS_Cert_Blocklist_4C0E636A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L963-L979" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L963-L979" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "20169cf9ce3f271a22d1376bcf0ff0914f43937738c9ed61fd8e40179405136b" score = 75 quality = 90 
@@ -30246,8 +30246,8 @@ rule REVERSINGLABS_Cert_Blocklist_072714A9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L981-L997" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L981-L997" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8bea4cfb60056446043ef90a7d01ecc52d82d9e7005a145a4daa61a522ecd2ae" score = 75 quality = 90 @@ -30271,8 +30271,8 @@ rule REVERSINGLABS_Cert_Blocklist_00D8F35F4Eb7872B2Dab0692E315382Fb0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L999-L1017" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L999-L1017" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "463757c59c32859163ea80e694e1f39239c857124aad3895f22f83b47645910c" score = 75 quality = 90 
@@ -30296,8 +30296,8 @@ rule REVERSINGLABS_Cert_Blocklist_750E40Ff97F047Edf556C7084Eb1Abfd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1019-L1035" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1019-L1035" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "21c2468905514e1725a206814b0c61c576cf7f97f184bac857bca9283f49a957" score = 75 quality = 90 @@ -30321,8 +30321,8 @@ rule REVERSINGLABS_Cert_Blocklist_1B5190F73724399C9254Cd424637996A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1037-L1053" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1037-L1053" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "08f287ccda93e03a7e796d5625ab35ef0de782d07e5db4e2264f612fc5ebaa21" score = 75 quality = 90 
@@ -30346,8 +30346,8 @@ rule REVERSINGLABS_Cert_Blocklist_00Ebaa11D62E2481081820 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1055-L1072" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1055-L1072" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2fafc6775ec88b5a1000afbc7234fbef6b03e9eaf866dae660dd2d749996cb5c" score = 75 quality = 90 @@ -30371,8 +30371,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Aab11Dee52F1B19D056 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1074-L1089" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1074-L1089" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1f1215143dc828596e6d7eeff99983755b17eaeb3ab9d7643abdbb48e9957c78" score = 75 quality = 90 
@@ -30396,8 +30396,8 @@ rule REVERSINGLABS_Cert_Blocklist_6102B01900000000002F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1091-L1106" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1091-L1106" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6c42daa8b8730541bb422ac860ec4b0830e00fdb732e4bb503054dbcae1ff6d4" score = 75 quality = 90 @@ -30421,8 +30421,8 @@ rule REVERSINGLABS_Cert_Blocklist_01E2B4F759811C64379Fca0Be76D2Dce : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1108-L1124" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1108-L1124" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0dff7a9f2e152c20427ea231449b942a040e964cb7dad90271d2865290535326" score = 75 quality = 90 
@@ -30446,8 +30446,8 @@ rule REVERSINGLABS_Cert_Blocklist_03E5A010B05C9287F823C2585F547B80 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1126-L1142" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1126-L1142" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1d57b640ee313ad4d53dc64ce4df3e4ed57976e7750cfd80d62bf9982d964d26" score = 75 quality = 90 @@ -30471,8 +30471,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Fe7Df6C4B9A33B83D04E23E98A77Cce : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1144-L1160" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1144-L1160" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "da5ed07def8d0c04ea58aacd90f9fa5588f868f6d0057b9148587f2f0b381f25" score = 75 quality = 90 
@@ -30496,8 +30496,8 @@ rule REVERSINGLABS_Cert_Blocklist_065569A3E261409128A40Affa90D6D10 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1162-L1178" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1162-L1178" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f8d68758704e41325e95ec69334aaf7fabe08a6d5557e0a81bac2f02d3ab5977" score = 75 quality = 90 @@ -30521,8 +30521,8 @@ rule REVERSINGLABS_Cert_Blocklist_0979616733E062C544Df0Abd315E3B92 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1180-L1196" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1180-L1196" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "034b233d6b6dd82ad9fa1ec99db1effa3daaa5bb478d448133c479ac728117ad" score = 75 quality = 90 
@@ -30546,8 +30546,8 @@ rule REVERSINGLABS_Cert_Blocklist_7D3250B27E0547C77307030491B42802 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1198-L1214" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1198-L1214" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "65f036921dfb9cbce3275aefb7111711e50874440096b2e3c3b55190cfc14ddb" score = 75 quality = 90 @@ -30571,8 +30571,8 @@ rule REVERSINGLABS_Cert_Blocklist_00D1836Bd37C331A67 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1216-L1234" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1216-L1234" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8af1d10085c5be8924eb6e4ea3a9b8e936c7706d8ec43d42f24a9a293c7f9d27" score = 75 quality = 90 
@@ -30596,8 +30596,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Ca028D1A4De0Eb743135Edecf74D7Af : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1236-L1252" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1236-L1252" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "60b6351194e23153d425eaa0c25f840080a29abb5eb1bbcd41bb76a3d4130edd" score = 75 quality = 90 @@ -30621,8 +30621,8 @@ rule REVERSINGLABS_Cert_Blocklist_Dbb14Dcf973Eada14Ece7Ea79C895C11 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1254-L1270" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1254-L1270" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c73c83f5cb6d840b887e1aa41e96a29529f975434ac27a5aa57f2e14b342f63d" score = 75 quality = 90 
@@ -30646,8 +30646,8 @@ rule REVERSINGLABS_Cert_Blocklist_F8C2239De3977B8D4A3Dcbedc9031A51 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1272-L1288" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1272-L1288" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "aa4f39790bc58b0a50e05e7670abad654d7f3d73e500bd5f054fece4a979ebfa" score = 75 quality = 90 @@ -30671,8 +30671,8 @@ rule REVERSINGLABS_Cert_Blocklist_Caad8222705D3Fb3430E114A31C8C6A4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1290-L1306" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1290-L1306" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "35c4f46322da4f5b9f938c1098c8e57effc8abfc03db865190c343df7b8990ea" score = 75 quality = 90 
@@ -30696,8 +30696,8 @@ rule REVERSINGLABS_Cert_Blocklist_B191812516E6618D49E6Ccf5E63Dc343 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1308-L1324" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1308-L1324" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "40c03e683b4b8e8a23ca84da7dfd3bd998d3708b27b7df7a22f25fb364c3a69b" score = 75 quality = 90 @@ -30721,8 +30721,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Ba7Fb8Ee1Deff8F4A1525E1E0580057 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1326-L1342" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1326-L1342" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "324157b9fec2653cb8874c7a1a5b6e39b121992cd52856b8c4a2a8b7cee86a69" score = 75 quality = 90 
@@ -30746,8 +30746,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Df9F7Eb6Cdc5Ca243B33122E3941E25 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1344-L1360" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1344-L1360" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "703eccd5573fe42f03ec82887660d50e942156d840394746c90ba87d82507803" score = 75 quality = 90 @@ -30771,8 +30771,8 @@ rule REVERSINGLABS_Cert_Blocklist_58A541D50F9E2Fab4380C6A2Ed433B82 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1362-L1378" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1362-L1378" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "69ddc58b6fec159d6eded8c78237a6a0626b1aedb58b0c9867b758fd09db46ad" score = 75 quality = 90 
@@ -30796,8 +30796,8 @@ rule REVERSINGLABS_Cert_Blocklist_5F273626859Ae4Bc4Becbbeb71E2Ab2D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1380-L1396" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1380-L1396" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c8be504f075041508f299b1df03d9cb9e58d9a89f49b7a926676033d18b108ba" score = 75 quality = 90 @@ -30821,8 +30821,8 @@ rule REVERSINGLABS_Cert_Blocklist_B1Ad46Ce4Db160B348C24F66C9663178 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1398-L1414" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1398-L1414" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "59ce2b7a2e881853d07446b3dda74b296f2be09651364d0e131552cf76dab751" score = 75 quality = 90 
@@ -30846,8 +30846,8 @@ rule REVERSINGLABS_Cert_Blocklist_256541E204619033F8B09F9Eb7C88Ef8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1416-L1432" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1416-L1432" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e33cedf1dd24ac73f77461de0cef25cad57909be2a69469fec450ead7da85c65" score = 75 quality = 90 @@ -30871,8 +30871,8 @@ rule REVERSINGLABS_Cert_Blocklist_00E8Cc18Cf100B6B27443Ef26319398734 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1434-L1452" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1434-L1452" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "68e9df056109cae41d981090c7a98ddc192a445647d7475569ddbe4118e570c5" score = 75 quality = 90 
@@ -30896,8 +30896,8 @@ rule REVERSINGLABS_Cert_Blocklist_62Af28A7657Ba8Ab10Fa8E2D47250C69 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1454-L1470" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1454-L1470" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c3c034cb4e2c65e2269fbfd9c045eb294badde60389ae62ed694ea4d61c5eb35" score = 75 quality = 90 @@ -30921,8 +30921,8 @@ rule REVERSINGLABS_Cert_Blocklist_04C8Eca7243208A110Dea926C7Ad89Ce : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1472-L1488" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1472-L1488" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0012436e83704397026a8b2e500e5d61915e0f4c8ad4100176e200a975562e8f" score = 75 quality = 90 
@@ -30946,8 +30946,8 @@ rule REVERSINGLABS_Cert_Blocklist_157C3A4A6Bcf35Cf8453E6B6C0072E1D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1490-L1506" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1490-L1506" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2a68051ab6d0b967f08e44d91b9f13d75587ea0f16e2a5536ccf5898445e1a58" score = 75 quality = 90 @@ -30971,8 +30971,8 @@ rule REVERSINGLABS_Cert_Blocklist_04422F12037Bc2032521Dbb6Ae02Ea0E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1508-L1524" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1508-L1524" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "381d749d24121d6634656fd33adcda5c3e500ee77a6333f525f351a2ee589e2c" score = 75 quality = 90 
@@ -30996,8 +30996,8 @@ rule REVERSINGLABS_Cert_Blocklist_65Eae6C98111Dc40Bf4F962Bf27227F2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1526-L1542" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1526-L1542" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "20c0f4e9783586e68ff363fe6a72398f6ea27aef5d25f98872d1203ce1a0c9bd" score = 75 quality = 90 @@ -31021,8 +31021,8 @@ rule REVERSINGLABS_Cert_Blocklist_12D5A4B29Fe6156D4195Fba55Ae0D9A9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1544-L1560" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1544-L1560" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "860550745f6dbcd7dd0925d9b8f04e8e08e8b7c06343a4c070e131a815c42e12" score = 75 quality = 90 
@@ -31046,8 +31046,8 @@ rule REVERSINGLABS_Cert_Blocklist_0087D60D1E2B9374Eb7A735Dce4Bbdae56 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1562-L1580" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1562-L1580" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d6e0d22e926a237f1cc6b71c6f8ce01e497723032c9efba1e6af7327a786b608" score = 75 quality = 90 @@ -31071,8 +31071,8 @@ rule REVERSINGLABS_Cert_Blocklist_0860C8A7Ed18C3F030A32722Fd2B220C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1582-L1598" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1582-L1598" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3c777fb157a6669bfdf3143e77f69265e09458a2b42b75b72680eb043da71e85" score = 75 quality = 90 
@@ -31096,8 +31096,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Fdadd0740572270203F8138692C4A83 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1600-L1616" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1600-L1616" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "18ce7ed721a454c5bb3cd6ab26df703b1e08b94b8c518055feffa38ad42afa50" score = 75 quality = 90 @@ -31121,8 +31121,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Fc13D6220C629043A26F81B1Cad72D8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1618-L1634" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1618-L1634" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "5572c278f6c9be62b2bba09ea610fd170438c6893ee5283ff4a5b3bb2852b07b" score = 75 quality = 90 
@@ -31146,8 +31146,8 @@ rule REVERSINGLABS_Cert_Blocklist_3457A918C6D3701B2Eaca6A92474A7Cc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1636-L1652" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1636-L1652" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "70d4bece52a86bfe8958f6d4195b833cea609596e3b68bb90087c262501bd462" score = 75 quality = 90 @@ -31171,8 +31171,8 @@ rule REVERSINGLABS_Cert_Blocklist_621Ed8265B0Ad872D9F4B4Ed6D560513 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1654-L1670" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1654-L1670" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c133d6eea5d27e597d0a656c7c930a5ca84adb46aa2fec66381b6b5c759e22aa" score = 75 quality = 90 
@@ -31196,8 +31196,8 @@ rule REVERSINGLABS_Cert_Blocklist_56E22B992B4C7F1Afeac1D63B492Bf54 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1672-L1688" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1672-L1688" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ef058c0ec352260fa3db0fc74331d1da3c9eb8d161cef7635632fd7c569198c6" score = 75 quality = 90 @@ -31221,8 +31221,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Bc3Bae4118D46F3Fdd9Beeeab749Fee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1690-L1706" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1690-L1706" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "fcbda27f8bf4dca8aa32103bb344380c82f0c701c25766df94c182ef94805a12" score = 75 quality = 90 
@@ -31246,8 +31246,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F0449F7691E5B4C8E74E71Cae822179 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1708-L1724" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1708-L1724" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f8d3593b357f27240a4399e877ae9044f783bb944ad47ec9fe8bbecc63be864c" score = 75 quality = 90 @@ -31271,8 +31271,8 @@ rule REVERSINGLABS_Cert_Blocklist_43Db4448D870D7Bdc275F36A01Fba36F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1726-L1742" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1726-L1742" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "951e35e2c3f1bd90a33f8b76b6ede5686ee9b9c97a4c71df5b9dff15956209c5" score = 75 quality = 90 
@@ -31296,8 +31296,8 @@ rule REVERSINGLABS_Cert_Blocklist_2880A7F7Ff2D334Aa08744A8754Fab2C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1744-L1760" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1744-L1760" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "03c7e1251c44e8824ae3b648a95cf34f4c56db65d76806306a062a343981d87f" score = 75 quality = 90 @@ -31321,8 +31321,8 @@ rule REVERSINGLABS_Cert_Blocklist_0492F5C18E26Fa0Cd7E15067674Aff1C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1762-L1778" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1762-L1778" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d47d59d7680000d6c35181be2d9b034c2ecb7ca754a39c8e11750ddd7246b47c" score = 75 quality = 90 
@@ -31346,8 +31346,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Aa668Cd6A9De1Fdd476Ea8225326937 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1780-L1796" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1780-L1796" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "706e16995af40a6c9176dcbca07fb406f2efe4d47dbd9629d1a6b1ab1d09b045" score = 75 quality = 90 @@ -31371,8 +31371,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Cb06Dccb482255728671Ea12Ac41620 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1798-L1814" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1798-L1814" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e0867ffe2ddd28282fe78b27b3b12ebac525b33a27dd242bc6f55bcd2e066a18" score = 75 quality = 90 
@@ -31396,8 +31396,8 @@ rule REVERSINGLABS_Cert_Blocklist_370C2467C41D6019Bbecd72E00C5D73D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1816-L1832" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1816-L1832" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2b99522b75ee83d85b30146cb292b5a8a46dc300fb43dd9d39d9ca96c9d32d9b" score = 75 quality = 90 @@ -31421,8 +31421,8 @@ rule REVERSINGLABS_Cert_Blocklist_5067339614C5Cc219C489D40420F3Bf9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1834-L1850" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1834-L1850" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1716087285a093a3467583f79d7ae9bee641997227e6d4f95047905aedcc97c6" score = 75 quality = 90 
@@ -31446,8 +31446,8 @@ rule REVERSINGLABS_Cert_Blocklist_6E32531Ae83992F0573120A5E78De271 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1852-L1868" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1852-L1868" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2b6d54ea8395c3666906b2e60c30b970c2c1b6f55ded874cbcc22dc79391fb34" score = 75 quality = 90 @@ -31471,8 +31471,8 @@ rule REVERSINGLABS_Cert_Blocklist_6967A89Bcf6Efef160Aaeebbff376C0A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1870-L1886" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1870-L1886" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "deb7465e453aa5838f81e15e270abc958a65e1a6051a88a5910244edbe874451" score = 75 quality = 90 
@@ -31496,8 +31496,8 @@ rule REVERSINGLABS_Cert_Blocklist_7473D95405D2B0B3A8F28785Ce6E74Ca : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1888-L1904" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1888-L1904" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e15b990b13617017ca2d1f8caf03d8ff3785ca9b860bf11f81af5dadf17a9be5" score = 75 quality = 90 @@ -31521,8 +31521,8 @@ rule REVERSINGLABS_Cert_Blocklist_04F380F97579F1702A85E0169Bbdfd78 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1906-L1922" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1906-L1922" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "73dc6e36fdaf5c80b33f20f2a9157805ce1d0218f3898104de16522ee9cfd51b" score = 75 quality = 90 
@@ -31546,8 +31546,8 @@ rule REVERSINGLABS_Cert_Blocklist_04D6B8Cc6Dce353Fcf3Ae8A532Be7255 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1924-L1940" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1924-L1940" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a316ad7f554428d02a850fb3bb04f349d30ecd2ccd4597e7a63461bf5e866e6f" score = 75 quality = 90 @@ -31571,8 +31571,8 @@ rule REVERSINGLABS_Cert_Blocklist_191322A00200F793 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1942-L1958" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1942-L1958" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1b816785f86189817c124636e50a0f369ec85cfd898223c4ba43758a877f1cf3" score = 75 quality = 90 
@@ -31596,8 +31596,8 @@ rule REVERSINGLABS_Cert_Blocklist_451C9D0B413E6E8Df175 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1960-L1976" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1960-L1976" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7c94d87f79c9add4d7bf2a63d0774449319aa56cbc631dd9b0f19ed9bb9837d4" score = 75 quality = 90 @@ -31621,8 +31621,8 @@ rule REVERSINGLABS_Cert_Blocklist_03943858218F35Adb7073A6027555621 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1978-L1994" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1978-L1994" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "93369d51b73591559494a48fafa5e4f7d46301ecaa379d8de70a70ac4d2d2728" score = 75 quality = 90 
@@ -31646,8 +31646,8 @@ rule REVERSINGLABS_Cert_Blocklist_09813Ee7318452C28A1F6426D1Cee12D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L1996-L2012" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L1996-L2012" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "89eb019192f822f9fe070403161d81e425fb8acdbc80e55fa516b5607eb8f8c7" score = 75 quality = 90 @@ -31671,8 +31671,8 @@ rule REVERSINGLABS_Cert_Blocklist_476Bf24A4B1E9F4Bc2A61B152115E1Fe : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2014-L2030" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2014-L2030" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0ec0f44d2a7a53ad5653334378b631abde1834ebfcf72efcdcce353c6b9ae17d" score = 75 quality = 90 
@@ -31696,8 +31696,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Bd55818C5971B63Dc45Cf57Cbeb950B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2032-L2048" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2032-L2048" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "5aa41a2d6a86a30559b36818602e1bdf2bfd38b799a4869c26c150052d6d788c" score = 75 quality = 90 @@ -31721,8 +31721,8 @@ rule REVERSINGLABS_Cert_Blocklist_4C0B2E9D2Ef909D15270D4Dd7Fa5A4A5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2050-L2066" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2050-L2066" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "9c74eb025bb413503b97ffdba6f19eadecf3789ce3a5d5419f84e32e25c9b5b1" score = 75 quality = 90 
@@ -31746,8 +31746,8 @@ rule REVERSINGLABS_Cert_Blocklist_5E3D76Dc7E273E2F313Fc0775847A2A2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2068-L2084" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2068-L2084" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b943057fc3e97cfccadb4b8f61289a93b659aacf2a40217fcf519d4882e70708" score = 75 quality = 90 @@ -31771,8 +31771,8 @@ rule REVERSINGLABS_Cert_Blocklist_47D5D5372Bcb1562B4C9F4C2Bdf13587 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2086-L2102" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2086-L2102" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "fb4994647a2ed95c73625d90315c9b6deb6fb3b81b4aa6e847b0193f0a76650c" score = 75 quality = 90 
@@ -31796,8 +31796,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Ac10E68F1Ce519E84Ddcd28B11Fa542 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2104-L2120" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2104-L2120" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "dac3b6b7609ec1e82afe4f9c6c14e2d32b6f5d8d49c59d6c605f2a94d71bc107" score = 75 quality = 90 @@ -31821,8 +31821,8 @@ rule REVERSINGLABS_Cert_Blocklist_31062E483E0106B18C982F0053185C36 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2122-L2138" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2122-L2138" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e45fc5b4d1b9f5cd35c56aad381e26e30675a9d99747cd318f3c77ea2af0e14a" score = 75 quality = 90 
@@ -31846,8 +31846,8 @@ rule REVERSINGLABS_Cert_Blocklist_20D0Ee42Fc901E6B3A8Fefe8C1E6087A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2140-L2156" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2140-L2156" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2225302de1e8fe9f2ad064e19b2b1d9faf90c7cafbebff6ddd0921bf57c5f9e6" score = 75 quality = 90 @@ -31871,8 +31871,8 @@ rule REVERSINGLABS_Cert_Blocklist_127251B32B9A50Bd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2158-L2174" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2158-L2174" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8552ce9e9ab8d6b1025ab3c6e7b2485ef855236114c426475fde0b5f2e231ec9" score = 75 quality = 90 
@@ -31896,8 +31896,8 @@ rule REVERSINGLABS_Cert_Blocklist_48Cad4E6966E22D6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2176-L2192" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2176-L2192" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7733b8a97d9f3538db04309a2e3f9df6cb64930b0b6f7f241c3e629be2dd7804" score = 75 quality = 90 @@ -31921,8 +31921,8 @@ rule REVERSINGLABS_Cert_Blocklist_5E15205F180442Cc6C3C0F03E1A33D9F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2194-L2210" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2194-L2210" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1ca238b5da4ff9940425c99f55542c931ccdf0ea3b0a2acbf00ffbbb54171ae0" score = 75 quality = 90 
@@ -31946,8 +31946,8 @@ rule REVERSINGLABS_Cert_Blocklist_4C8E3B1613F73542F7106F272094Eb23 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2212-L2228" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2212-L2228" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "15c21b783409d904a0b4971dbdcbd0740083d13f3c633ee77c87df46d3aca748" score = 75 quality = 90 @@ -31971,8 +31971,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Ce2Bd0Ad3Cfde9Ea73Eec7Ca30400Da : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2230-L2246" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2230-L2246" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a879ecd957acd29e8a5bad6c97cd10453ab857949680b522735bd77eb561d2ee" score = 75 quality = 90 
@@ -31996,8 +31996,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Fbc30Db127A536C34D7A0Fa81B48193 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2248-L2264" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2248-L2264" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6b109b5636aa297a6e07f9d9213f7f07a7767b58442d03dc2f34f8a9b3eaba2b" score = 75 quality = 90 @@ -32021,8 +32021,8 @@ rule REVERSINGLABS_Cert_Blocklist_08448Bd6Ee9105Ae31228Ea5Fe496F63 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2266-L2282" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2266-L2282" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "9bc044b4fdf381274a2c31bc997dcdfd553595d92de7b33dc472353a00011711" score = 75 quality = 90 
@@ -32046,8 +32046,8 @@ rule REVERSINGLABS_Cert_Blocklist_02F17566Ef568Dc06C9A379Ea2F4Faea : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2284-L2300" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2284-L2300" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e3ec8a6de817354862880301e78a999f45f02c2fa8512bba6d27c9776f1a3417" score = 75 quality = 90 @@ -32071,8 +32071,8 @@ rule REVERSINGLABS_Cert_Blocklist_7D824Ba1F7F730319C50D64C9A7Ed507 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2302-L2318" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2302-L2318" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "407611603974c910d9a6a0ed71ecdf54ddcc59abb0f48c60846e61d6d4191933" score = 75 quality = 90 
@@ -32096,8 +32096,8 @@ rule REVERSINGLABS_Cert_Blocklist_77A64759F12766E363D779998C71Bdc9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2320-L2336" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2320-L2336" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2bf3d99ddec6b76da1ca60a9285767a5b34b84455db58195fc5d8fd8a22c9f8a" score = 75 quality = 90 @@ -32121,8 +32121,8 @@ rule REVERSINGLABS_Cert_Blocklist_0B0D17Ec1449B4B2D38Fcb0F20Fbcd3A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2338-L2354" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2338-L2354" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3121f2c49d0d4c396023924521f2c980045b6f07d082e49447429e9cd640e0ef" score = 75 quality = 90 
@@ -32146,8 +32146,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fe9404Dc73Cf1C2Ba1450B8398305557 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2356-L2374" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2356-L2374" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c0132d71de1384f6e534dd154eba88c4a51c43b7dfe984f3064ba4feffa4dd5a" score = 75 quality = 90 @@ -32171,8 +32171,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Cb2D523A6Bf7A066642C578De1C9Be4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2376-L2392" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2376-L2392" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "5a786b9ade5a59b8a1e0bbef1eb3dcb65404dcee19d572dc60f9ec9f45e4755b" score = 75 quality = 90 
@@ -32196,8 +32196,8 @@ rule REVERSINGLABS_Cert_Blocklist_3A6Ccabb1C62F3Be3Eb03869Fa43Dc4A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2394-L2410" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2394-L2410" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ccb603c8a5f4fb63876e78d763f80a97098c23aa10673c7b04a48026268f57d3" score = 75 quality = 90 @@ -32221,8 +32221,8 @@ rule REVERSINGLABS_Cert_Blocklist_864196F01971Dbec7002B48642A7013A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2412-L2430" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2412-L2430" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a3173bb08e673caaa64ab22854840a135e891044b165bbc67733c951ec6aa991" score = 75 quality = 90 
@@ -32246,8 +32246,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Fda1E121B61Adeca936A6Aebe079303 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2432-L2448" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2432-L2448" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "70a04c83e79c98024bacf1688bb46d80c9b8491e25dd32d6d92bf3cf61c62e48" score = 75 quality = 90 @@ -32271,8 +32271,8 @@ rule REVERSINGLABS_Cert_Blocklist_03866Deb183Abfbf4Ff458D4De7Bd73A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2450-L2466" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2450-L2466" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "90d09d0d2d01500e0670277d0e8de574feecf7443cf4d077912b1166a9c14c43" score = 75 quality = 90 
@@ -32296,8 +32296,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Be41B34127Ca9E6270830D2070Db426 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2468-L2484" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2468-L2484" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b66c4b9264be70d53838442a3112c4bacbdf2dda90840d71c3eb949e630b3f17" score = 75 quality = 90 @@ -32321,8 +32321,8 @@ rule REVERSINGLABS_Cert_Blocklist_9B108B8A1Daa0D5581F59Fcee0447901 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2486-L2504" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2486-L2504" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "696e3da511f74f9cfb10b96130a36ae9f48c22f1e0deb76092db1262980ab3ac" score = 75 quality = 90 
@@ -32346,8 +32346,8 @@ rule REVERSINGLABS_Cert_Blocklist_5F8203C430Fc7Db4E61F6684F6829Ffc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2506-L2522" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2506-L2522" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "cd22d1beea12d1f6c50f69e76074c2582ce5567887056c43d4d6c87d33fce1bf" score = 75 quality = 90 @@ -32371,8 +32371,8 @@ rule REVERSINGLABS_Cert_Blocklist_6B6Daef5Be29F20Ddce4B0F5E9Fa6Ea5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2524-L2540" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2524-L2540" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "edd2f302d2fac65f6a93372a24c3f80757f2b175af661032917366e9629c5491" score = 75 quality = 90 
@@ -32396,8 +32396,8 @@ rule REVERSINGLABS_Cert_Blocklist_57D6Dff1Ef96F01B9430666B2733Cc87 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2542-L2558" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2542-L2558" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "40d22137e9c5345859c5f000166da2a3117bcfcc19b4c5e81083cad80dfa6ee4" score = 75 quality = 90 @@ -32421,8 +32421,8 @@ rule REVERSINGLABS_Cert_Blocklist_0166B65038D61E5435B48204Cae4795A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2560-L2576" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2560-L2576" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4e289eda4d5381250bcd6e36daade6f1e1803b6d16578d7eaee4454cef6981d0" score = 75 quality = 90 
@@ -32446,8 +32446,8 @@ rule REVERSINGLABS_Cert_Blocklist_784F226B45C3Bd8E4089243D747D1F59 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2578-L2594" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2578-L2594" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "df8ca35a07ec6815d1efb68fa6fbf8f80c57032ecb99d0b038da0604ceffe8cf" score = 75 quality = 90 @@ -32471,8 +32471,8 @@ rule REVERSINGLABS_Cert_Blocklist_11690F05604445Fae0De539Eeeeec584 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2596-L2612" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2596-L2612" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b66257f562f698559910eb9576f8fdf0ce3a750cc0a96a27e2ec1a18872ad13f" score = 75 quality = 90 
@@ -32496,8 +32496,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aa146Bff4B832Bdbfe30B84580356763 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2614-L2632" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2614-L2632" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "37abe7a4fd773fd34f5d7dbe725ba4edcfb8ebb501dc41f386b8b0629161051f" score = 75 quality = 90 @@ -32521,8 +32521,8 @@ rule REVERSINGLABS_Cert_Blocklist_E86F46B60142092Aae81B8F6Fa3D9C7C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2634-L2652" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2634-L2652" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6de16a44bc84fbf8f1d3d82526e1d7f8fd4ae3da6deaa471c77d2c8df47a14b0" score = 75 quality = 90 
@@ -32546,8 +32546,8 @@ rule REVERSINGLABS_Cert_Blocklist_1A0Fd2A4Ef4C2A36Ab9C5E8F792A35E2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2654-L2670" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2654-L2670" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8e768415998a6a92961986cb0a9d310514d928be93b3e5a9aaa9ec71bf5886ad" score = 75 quality = 90 @@ -32571,8 +32571,8 @@ rule REVERSINGLABS_Cert_Blocklist_53Bb753B79A99E61A6E822Ac52460C70 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2672-L2688" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2672-L2688" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "24ff4f46fa6e85c25e130459f9b8d6907cf6cd51098e0cf45ec11d54d7de509b" score = 75 quality = 90 
@@ -32596,8 +32596,8 @@ rule REVERSINGLABS_Cert_Blocklist_83F68Fc6834Bf8Bd2C801A2D1F1Acc76 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2690-L2708" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2690-L2708" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "35552242f9f0a56b45e30e6f376877446f33e24690ff5d7b03dc776fab178afd" score = 75 quality = 90 @@ -32621,8 +32621,8 @@ rule REVERSINGLABS_Cert_Blocklist_F385E765Acfb95605C9B35Ca4C32F80E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2710-L2728" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2710-L2728" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c73c8f1913d3423a52f5e77751813460ae9200eb3cb1cc6e2ec30f37f0da8152" score = 75 quality = 90 
@@ -32646,8 +32646,8 @@ rule REVERSINGLABS_Cert_Blocklist_F62C9C4Efc81Caf0D5A2608009D48018 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2730-L2748" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2730-L2748" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "08fcff795297c0608b1a1d71465279cbf76d4dff06de2a2262a58debbb2f9e0d" score = 75 quality = 90 @@ -32671,8 +32671,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cc8D902Da36587C9B2113Cd76C3C3F8D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2750-L2768" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2750-L2768" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "25e524d23ccc1c06f602a086369ffd44b8c97b76c29f068764081339556b3465" score = 75 quality = 90 
@@ -32696,8 +32696,8 @@ rule REVERSINGLABS_Cert_Blocklist_328Bdcc0F679C4649147Fbb3Eb0E9Bc6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2770-L2786" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2770-L2786" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6d9e1f25ca252ca9dda7714c52a2e57fd3b5dca08cd2a45c9dec18a31d3bb342" score = 75 quality = 90 @@ -32721,8 +32721,8 @@ rule REVERSINGLABS_Cert_Blocklist_5F78149Eb4F75Eb17404A8143Aaeaed7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2788-L2804" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2788-L2804" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0c7c9e8d2a9304e0407b8a1a29977312a9ba766a4052c6b874855fa187c85585" score = 75 quality = 90 
@@ -32746,8 +32746,8 @@ rule REVERSINGLABS_Cert_Blocklist_629D120Dd84F9C1688D4Da40366Fab7A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2806-L2822" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2806-L2822" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "187f6ef0de869500526d1b0d5c6f6762b0a939e06781e633a602834687c64023" score = 75 quality = 90 @@ -32771,8 +32771,8 @@ rule REVERSINGLABS_Cert_Blocklist_039E5D0E3297F574Db99E1D9503853D9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2824-L2840" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2824-L2840" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2f150f60b7dce583fc68705f0b29a7c8684f1b69020275b2ec1ac6beeaa63952" score = 75 quality = 90 
@@ -32796,8 +32796,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bc32Bbe5Bbb4F06F490C50651Cd5Da50 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2842-L2860" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2842-L2860" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "104be481b7d4b1cb3c43c72314afc3641983838b5177c34a88d6da0d0e7b89c9" score = 75 quality = 90 @@ -32821,8 +32821,8 @@ rule REVERSINGLABS_Cert_Blocklist_3E1656Dfcaacfed7C2D2564355698Aa3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2862-L2878" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2862-L2878" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ba7cca8d71f571644cabd3d491cddefffd05ca7a838f262a343a01e4a09bb72a" score = 75 quality = 90 
@@ -32846,8 +32846,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Bf1D68E926E2Dd8966008C44F95Ea1C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2880-L2896" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2880-L2896" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "44b5aae8380e3590ebb6e2365e89b3827432e8330e5290dc8f8603a00bcf62f6" score = 75 quality = 90 @@ -32871,8 +32871,8 @@ rule REVERSINGLABS_Cert_Blocklist_149C12083C145E28155510Cfc19Db0Fe : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2898-L2914" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2898-L2914" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f616fc470e223d65ac4c984394a38d566265ab37829ff566012de0a1527396c2" score = 75 quality = 90 
@@ -32896,8 +32896,8 @@ rule REVERSINGLABS_Cert_Blocklist_77E0117E8B2B8Faa84Bed961019D5Ef8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2916-L2932" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2916-L2932" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "bea94b9da8c176f22a66fe7a4545dcc3a38f727a75a0bc7920d9aece8e24b9b7" score = 75 quality = 90 @@ -32921,8 +32921,8 @@ rule REVERSINGLABS_Cert_Blocklist_4F3Feb4Baf377Aea90A463C5Dee63884 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2934-L2950" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2934-L2950" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "56c37e758db33aa40e9a2c1c5a4eb14c2c370f614e838d86bf20c64f79e2a746" score = 75 quality = 90 
@@ -32946,8 +32946,8 @@ rule REVERSINGLABS_Cert_Blocklist_3D2580E89526F7852B570654Efd9A8Bf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2952-L2968" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2952-L2968" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0f46fcfc8ee06756646899450daa254d3e5261bdc5c2339f20d01971608fff7b" score = 75 quality = 90 @@ -32971,8 +32971,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Fffe432A53Ff03B9223F88Be1B83D9D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2970-L2986" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2970-L2986" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e7dbe6b95877f9473661ccf26fa6e5142147609adfe0a9bb8b493875325710af" score = 75 quality = 90 
@@ -32996,8 +32996,8 @@ rule REVERSINGLABS_Cert_Blocklist_832E161Aea5206D815F973E5A1Feb3E7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L2988-L3006" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L2988-L3006" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "da908de031c78aa012809988e44dea564d32b88b65a2010925c1af85d578a68a" score = 75 quality = 90 @@ -33021,8 +33021,8 @@ rule REVERSINGLABS_Cert_Blocklist_09Aecea45Bfd40Ce7D62D7D711916D7D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3008-L3024" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3008-L3024" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d1c6bfb10a244ba866c8aabdff6055388afa8096fd4bd77bb21f781794333e9b" score = 75 quality = 90 
@@ -33046,8 +33046,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Ff4Eda5Fa641E70162713426401F438 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3026-L3042" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3026-L3042" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "58f5e163d9807520497ba55e42c048020f6b7653ed71f3954e7ffb490f4de0e4" score = 75 quality = 90 @@ -33071,8 +33071,8 @@ rule REVERSINGLABS_Cert_Blocklist_067Dffc5E3026Eb4C62971C98Ac8A900 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3044-L3060" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3044-L3060" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2b7c4cded14afd8ba3feabb6debaa1317917b811b44e22aa8a0b3ea00d689141" score = 75 quality = 90 
@@ -33096,8 +33096,8 @@ rule REVERSINGLABS_Cert_Blocklist_B1Da219688E51Fd0Bfac2C891D56Cbb8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3062-L3080" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3062-L3080" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "03549214940a8689213bd2eb891da1c1991627c81c8b7f26860141c397409d46" score = 75 quality = 90 @@ -33121,8 +33121,8 @@ rule REVERSINGLABS_Cert_Blocklist_7289B0F9Bd641E3E352Dc3183F8De6Be : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3082-L3098" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3082-L3098" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "42b068e85b3aff5e6dd5ec4979f546dc5338ebf8719d86c0641ffb8353959af9" score = 75 quality = 90 
@@ -33146,8 +33146,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fd7B7A8678A67181A54Bc7499Eba44Da : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3100-L3118" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3100-L3118" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f1e26ea26890043be2c8b9c35ba2e6758b60fe173f00bf4c77cc5289ce0d5600" score = 75 quality = 90 @@ -33171,8 +33171,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ebbdd6Cdeda40Ca64513280Ecd625C54 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3120-L3138" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3120-L3138" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1d419f2fe2a9bf744bdde48adc50e0bc48746f1576f96570385a2a1c9ba92d21" score = 75 quality = 90 
@@ -33196,8 +33196,8 @@ rule REVERSINGLABS_Cert_Blocklist_61Da676C1Dcfcf188276E2C70D68082E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3140-L3156" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3140-L3156" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4f8af4a5c9812e6559218e387e32bc02cb0adcd40d9d4963fefc929f6101ae9a" score = 75 quality = 90 @@ -33221,8 +33221,8 @@ rule REVERSINGLABS_Cert_Blocklist_767436921B2698Bd18400A24B01341B6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3158-L3174" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3158-L3174" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "759bbbc5929463ad68d5dcd28b30401b9ff680f522172ed8d5d7dd3772e07587" score = 75 quality = 90 
@@ -33246,8 +33246,8 @@ rule REVERSINGLABS_Cert_Blocklist_3E795531B3265510F935187Eca59920A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3176-L3192" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3176-L3192" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d597e88314f9f20283b40058dd74167d0d72f7518277a57f26c15e44b670b386" score = 75 quality = 90 @@ -33271,8 +33271,8 @@ rule REVERSINGLABS_Cert_Blocklist_8F40B1485309A064A28B96Bfa3F55F36 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3194-L3212" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3194-L3212" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "58dd47bfd2acd698bc27fb03eb51e4b8598ef6c71f7193e3cc4eea63982855f0" score = 75 quality = 90 
@@ -33296,8 +33296,8 @@ rule REVERSINGLABS_Cert_Blocklist_B2120Facadbb92Cc0A176759604C6A0F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3214-L3232" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3214-L3232" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "08462b1bd3d45824aeea901a4db19365c28d8b8b0f594657df7a59250111729b" score = 75 quality = 90 @@ -33321,8 +33321,8 @@ rule REVERSINGLABS_Cert_Blocklist_4F407Eb50803845Cc43937823E1344C0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3234-L3250" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3234-L3250" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4d5a2b0619be902d8a437f204ae1b87222c73d3186930809b1f694bad429aea8" score = 75 quality = 90 
@@ -33346,8 +33346,8 @@ rule REVERSINGLABS_Cert_Blocklist_6922Bb5De88E4127E1Ac6969E6A199F5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3252-L3268" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3252-L3268" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "39dbaa232ea9125934b3682d780e3821d12e771f2b844d027d99a432fe249d9f" score = 75 quality = 90 @@ -33371,8 +33371,8 @@ rule REVERSINGLABS_Cert_Blocklist_73065Efa163B7901Fa1Ccb0A54E80540 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3270-L3286" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3270-L3286" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e420c37c04aa676c266a4c2c228063239815c173a83c39d426c5a674648f1934" score = 75 quality = 90 
@@ -33396,8 +33396,8 @@ rule REVERSINGLABS_Cert_Blocklist_4842Afad00904Ed8C98811E652Ccb3B7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3288-L3304" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3288-L3304" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2b5c7c13369c7b89f1ea5474de3644a12bf6412cb3fa8ade5b66de280fb10cbf" score = 75 quality = 90 @@ -33421,8 +33421,8 @@ rule REVERSINGLABS_Cert_Blocklist_5A59A686B4A904D0Fca07153Ea6Db6Cc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3306-L3322" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3306-L3322" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7597b2ba870ec58ac0786a97fb92956406fe019c81f6176cc1a581988d3a9632" score = 75 quality = 90 
@@ -33446,8 +33446,8 @@ rule REVERSINGLABS_Cert_Blocklist_0B6D8152F4A06Ba781C6677Eea5Ab74B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3324-L3340" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3324-L3340" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "bd20cf8e4cab2117361dbe05ae2efe813e7f55667b1f3825cd893313d98dcb5f" score = 75 quality = 90 @@ -33471,8 +33471,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Ad60Cea73E1Dd1A3E6C02D9B339C380 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3342-L3358" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3342-L3358" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "fb83cf25be19e7cccd2c8369c3a37a90af72cb2f76db3619b8311d2a851335a8" score = 75 quality = 90 
@@ -33496,8 +33496,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Df2Dfed47C6Fd6542131847Cffbc102 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3360-L3376" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3360-L3376" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "fc6adbfd45ff6ac465aecb3db862421f02170e977fc044017f3ddc306a9f7a37" score = 75 quality = 90 @@ -33521,8 +33521,8 @@ rule REVERSINGLABS_Cert_Blocklist_74Fedf0F8398060Fa8378C6D174465C8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3378-L3394" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3378-L3394" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "406821c7990f05fdad91704f6418304f53dd4800bc4b41912177a1695858fade" score = 75 quality = 90 
@@ -33546,8 +33546,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Bd6A5Bba28E7C1Ca44880159Dace237 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3396-L3412" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3396-L3412" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f885c782148947d09133a3cc65319e02204c21d6c6d911b360840f25f37601dc" score = 75 quality = 90 @@ -33571,8 +33571,8 @@ rule REVERSINGLABS_Cert_Blocklist_C04F8F1E00C69E96A51Bf14Aab1C6Ae0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3414-L3432" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3414-L3432" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c2b5ffa305b761b57dd91c0acea0d8f82bec6b7d3608be10a20ea63621f3f3e8" score = 75 quality = 90 
@@ -33596,8 +33596,8 @@ rule REVERSINGLABS_Cert_Blocklist_23F537Ce13C6Cccdfd3F8Ce81Fb981Cb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3434-L3450" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3434-L3450" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d347bce3eddd0cac276a7504955f0342ae44fd93d238e514af5b1fdc208b68fc" score = 75 quality = 90 @@ -33621,8 +33621,8 @@ rule REVERSINGLABS_Cert_Blocklist_73Ecfdbb99Aec176Ddfcf7958D120E1A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3452-L3468" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3452-L3468" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d911156707cef97acf79c096b5d4a4db166ddf05237168f1ecffb0c0a2ebd8fa" score = 75 quality = 90 
@@ -33646,8 +33646,8 @@ rule REVERSINGLABS_Cert_Blocklist_675129Bb174A5B05E330Cc09F8Bbd70A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3470-L3486" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3470-L3486" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d989ea5233e8a64bffa0e29645c3458ef1f5173158ced7814c3b473b92ef49f4" score = 75 quality = 90 @@ -33671,8 +33671,8 @@ rule REVERSINGLABS_Cert_Blocklist_De13Fe2Dbb8F890287E1780Aff6Ffd22 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3488-L3504" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3488-L3504" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ebd983bcfa1e5d54af9d9e07d80d05f4752040eab92e63cd986db789fa07026f" score = 75 quality = 90 
@@ -33696,8 +33696,8 @@ rule REVERSINGLABS_Cert_Blocklist_Da000D18949C247D4Ddfc2585Cc8Bd0F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3506-L3524" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3506-L3524" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3453f13e633a2c233f78d0389c655bb5304e567407b3e0c5c47e5e7127c345ca" score = 75 quality = 90 @@ -33721,8 +33721,8 @@ rule REVERSINGLABS_Cert_Blocklist_06E842D3Ea6249D783D6B55E29C060C7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3526-L3542" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3526-L3542" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "9f71de0119527c8580f9e47e3fba07242814c5a537d727d4541fd7a802b0cb86" score = 75 quality = 90 
@@ -33746,8 +33746,8 @@ rule REVERSINGLABS_Cert_Blocklist_06473C3C19D9E1A9429B58B6Faec2967 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3544-L3560" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3544-L3560" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f9ca49ce65d213dce803806956c0ce1da0c4068bea173daae9cb06dab0a86268" score = 75 quality = 90 @@ -33771,8 +33771,8 @@ rule REVERSINGLABS_Cert_Blocklist_39F56251Df2088223Cc03494084E6081 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3562-L3578" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3562-L3578" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c87850f91758a5bb3bdf6f6d7de9a3f53077d64cebdde541ac0742d3cea4f4e0" score = 75 quality = 90 
@@ -33796,8 +33796,8 @@ rule REVERSINGLABS_Cert_Blocklist_1362E56D34Dc7B501E17Fa1Ac3C3E3D9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3580-L3596" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3580-L3596" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0415c5a49076bab23dfc29ef2d6168b93d6bfde07a89ccb0368d2c967422407a" score = 75 quality = 90 @@ -33821,8 +33821,8 @@ rule REVERSINGLABS_Cert_Blocklist_4B83593Fc78D92Cfaa9Bdf3F97383964 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3598-L3614" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3598-L3614" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "775e41fc102cbaeb9374984380b0e073de2a0075b9a200f8ab644bd1369ba015" score = 75 quality = 90 
@@ -33846,8 +33846,8 @@ rule REVERSINGLABS_Cert_Blocklist_C7505E7464E00Ec1Dccd8D1B466D15Ff : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3616-L3634" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3616-L3634" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7c5c84cb9071eff6a1bd7062506b807466bb4a432d1ed073961898c6c08cc4bd" score = 75 quality = 90 @@ -33871,8 +33871,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cbf91988Fb83511De1B3A7A520712E9C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3636-L3654" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3636-L3654" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "5862a8ec43d2e545f36b815ada2bb31c4384a8161c6956a31f3bd517532923fd" score = 75 quality = 90 
@@ -33896,8 +33896,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ce3675Ae4Abfe688870Bcacb63060F4F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3656-L3674" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3656-L3674" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0c6f2ef55bef283a3f915fd8c1ced27c3c665f7f490caeea0f180c2d7fa2b2b5" score = 75 quality = 90 @@ -33921,8 +33921,8 @@ rule REVERSINGLABS_Cert_Blocklist_9813229Efe0046D23542Cc7569D5A403 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3676-L3694" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3676-L3694" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0d8f0df83572b8d31f29cb76f44d524fd1ae0467d2d99af959e45694524d18e8" score = 75 quality = 90 
@@ -33946,8 +33946,8 @@ rule REVERSINGLABS_Cert_Blocklist_86E5A9B9E89E5075C475006D0Ca03832 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3696-L3714" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3696-L3714" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "5ba0b0f1b104eb11023590b8ef2b9cc747372bc9310a754694d45d3b3ce293e9" score = 75 quality = 90 @@ -33971,8 +33971,8 @@ rule REVERSINGLABS_Cert_Blocklist_075Dca9Ca84B93E8A89B775128F90302 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3716-L3732" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3716-L3732" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "32af21e71fb3475c50de4cd8a24fa0aec1ee67bc01c1a3720c12f9ce822833c3" score = 75 quality = 90 
@@ -33996,8 +33996,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Ddce8Cdc91B5B649Bb4B45Ffbba6C6C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3734-L3750" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3734-L3750" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "622e6ed08ca26908539519f37cf493f8030100bd5e88cb05e851b7d56b0f4c0d" score = 75 quality = 90 @@ -34021,8 +34021,8 @@ rule REVERSINGLABS_Cert_Blocklist_9Bd614D5869Bb66C96B67E154D517384 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3752-L3770" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3752-L3770" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d9eea38a1340797cef129b12cf2bb46c444e6f312db7356260f0ac0d9e63183d" score = 75 quality = 90 
@@ -34046,8 +34046,8 @@ rule REVERSINGLABS_Cert_Blocklist_540Cea639D5D48669B7F2F64 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3772-L3788" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3772-L3788" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3d3774f10ff9949ea13a7892662438b84b3eb895fc986092649fa9b192170d48" score = 75 quality = 90 @@ -34071,8 +34071,8 @@ rule REVERSINGLABS_Cert_Blocklist_03A7748A4355020A652466B5E02E07De : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3790-L3806" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3790-L3806" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6dc6d0fd2b702939847981ff31c2d8103227ccd0c19f999849ff89c64a90f92f" score = 75 quality = 90 
@@ -34096,8 +34096,8 @@ rule REVERSINGLABS_Cert_Blocklist_B881A72D4117Bbc38B81D3C65C792C1A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3808-L3826" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3808-L3826" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "bad2a06090f077ebc635d21446b47c9f115fe477567afb3d5994043f5a7883b1" score = 75 quality = 90 @@ -34121,8 +34121,8 @@ rule REVERSINGLABS_Cert_Blocklist_08653Ef2Ed9E6Ebb56Ffa7E93F963235 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3828-L3844" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3828-L3844" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "5ae8d2fb03cd0f945c2f5eb86de4e5da4fbb1cdf233d8a808157304538ced872" score = 75 quality = 90 
@@ -34146,8 +34146,8 @@ rule REVERSINGLABS_Cert_Blocklist_9C4816D900A6Ecdbe54Adf72B19Ebcf5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3846-L3864" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3846-L3864" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "92e8130f444417d5bc3788721280338bbed33e3362104de0cf27bc7c1fc30d0e" score = 75 quality = 90 @@ -34171,8 +34171,8 @@ rule REVERSINGLABS_Cert_Blocklist_269174F9Fe7C6Ed4E1D19B26C3F5B35F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3866-L3882" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3866-L3882" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "95c9720d6311c2fe7026b6cac092d59967479e6c9382eac1d26f7745efa92860" score = 75 quality = 90 
@@ -34196,8 +34196,8 @@ rule REVERSINGLABS_Cert_Blocklist_523Fb4036368Dc26192D68827F2D889B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3884-L3900" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3884-L3900" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f1886a046305637d335c493972560de56d8186bf99183aed5e2040b2e530fc22" score = 75 quality = 90 @@ -34221,8 +34221,8 @@ rule REVERSINGLABS_Cert_Blocklist_84F842F6D33Cd2F25B88Dd1710E21137 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3902-L3920" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3902-L3920" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "5aad8e95d1306626b63d767fce4706104330dd776b75c09cc404227863564307" score = 75 quality = 90 
@@ -34246,8 +34246,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Fbcaa289Ba925B4E247809B6B028202 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3922-L3938" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3922-L3938" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c41a4f9ccda54b9735313edf9042b831e6eaca149c089f74a823cee6719e1064" score = 75 quality = 90 @@ -34271,8 +34271,8 @@ rule REVERSINGLABS_Cert_Blocklist_1F2E8Effbb08C7Dbcc7A7F2D835457B5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3940-L3956" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3940-L3956" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0b446641617d435c3d312592957e19c3d391b0149eafcf9ac2da51e8d9080eb4" score = 75 quality = 90 
@@ -34296,8 +34296,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aeba4C39306Fdd022849867801645814 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3958-L3976" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3958-L3976" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "82c149f1d8ef93a0df2035690c5cdca935236687bc36a35a84c3d6610eb6902c" score = 75 quality = 90 @@ -34321,8 +34321,8 @@ rule REVERSINGLABS_Cert_Blocklist_028D50Ae0C554B49148E82Db5B1C2699 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3978-L3994" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3978-L3994" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e3cc0066cad56d78a3f42e092befa3b0855b2ed33c8465c5ecbb19fec082d35e" score = 75 quality = 90 
@@ -34346,8 +34346,8 @@ rule REVERSINGLABS_Cert_Blocklist_684F478C7259Dde0Cfe2260112Ca9846 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L3996-L4012" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L3996-L4012" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "59654ba1df27029a04ef3b1a1bb54f6c15b727f2013923a11a729752b8829743" score = 75 quality = 90 @@ -34371,8 +34371,8 @@ rule REVERSINGLABS_Cert_Blocklist_0B7C32208A954A483Dd102E1Be094867 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4014-L4030" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4014-L4030" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "49e2208a7d2b5684283c1dfc9856f864d16b50f951f58e0252c97419819a46ec" score = 75 quality = 90 
@@ -34396,8 +34396,8 @@ rule REVERSINGLABS_Cert_Blocklist_3E72Daf2B9A4449E946009E5084A8E76 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4032-L4048" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4032-L4048" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f1a7bf6c18e0ebf8aef53feb7d7789ce87c96e00962c64e07a37d968702d2fa5" score = 75 quality = 90 @@ -34421,8 +34421,8 @@ rule REVERSINGLABS_Cert_Blocklist_11Edd343E21C36Ac985555D85C16135F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4050-L4066" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4050-L4066" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "17feeed4be074a30572eb12fc81dc15d1b06f2d3f7b4b4fb4443391c62ac4d9b" score = 75 quality = 90 
@@ -34446,8 +34446,8 @@ rule REVERSINGLABS_Cert_Blocklist_093Fe63D1A5F68F14Ecaac871A03F7A3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4068-L4084" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4068-L4084" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "333c58a9af2d94604b637ab0a7280b6688a89ff73e30a93a8daed040fab7f620" score = 75 quality = 90 @@ -34471,8 +34471,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bb26B7B6634D5Db548C437B5085B01C1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4086-L4104" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4086-L4104" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "58d574b196f84416eb04000205cd8f4817618003f2948bb0eb7d951c282ef6ff" score = 75 quality = 90 
@@ -34496,8 +34496,8 @@ rule REVERSINGLABS_Cert_Blocklist_29128A56E7B3Bfb230742591Ac8B4718 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4106-L4122" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4106-L4122" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "5a89fec015e56ddddaed75be91a87288dcd27841937d26e3416187913c4f0b85" score = 75 quality = 90 @@ -34521,8 +34521,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Bfbfdfef43608730Ee14779Ee3Ee2Cb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4124-L4140" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4124-L4140" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f8f233b78e9d3558b0cd7978e3c5fa32645a3bb706c6fdec7f1e4195cf513f10" score = 75 quality = 90 
@@ -34546,8 +34546,8 @@ rule REVERSINGLABS_Cert_Blocklist_62205361A758B00572D417Cba014F007 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4142-L4158" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4142-L4158" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ebf28921c81191bcf6130baf6532122bb320cc916e38ab225f0acdcb57ea00f3" score = 75 quality = 90 @@ -34571,8 +34571,8 @@ rule REVERSINGLABS_Cert_Blocklist_4B47D18Dbea57Abd1563Ddf89F87A6C2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4160-L4176" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4160-L4176" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2e464f4e9bfe0c9510a78552acffb241d2435ea9bf3f5f2501353d7f8f280d78" score = 75 quality = 90 
@@ -34596,8 +34596,8 @@ rule REVERSINGLABS_Cert_Blocklist_Be41E2C7Bb2493044B9241Abb732599D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4178-L4196" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4178-L4196" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "eb5d94b80fd030d14dc26878895c61761825f3c77209ca0280e88dcd1800f9c2" score = 75 quality = 90 @@ -34621,8 +34621,8 @@ rule REVERSINGLABS_Cert_Blocklist_15C5Af15Afecf1C900Cbab0Ca9165629 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4198-L4214" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4198-L4214" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "5c54f32dbac271b2b60ec40bd052b5566a512cd2bcb4255057b21262806882d2" score = 75 quality = 90 
@@ -34646,8 +34646,8 @@ rule REVERSINGLABS_Cert_Blocklist_476De2F108D20B43Ba3Bae6F331Af8F1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4216-L4232" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4216-L4232" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e5edf3e15b2139ba6cd85f2cfea63b53f7fa36a3fd7224a4a9ccbe5de6eb6f1d" score = 75 quality = 90 @@ -34671,8 +34671,8 @@ rule REVERSINGLABS_Cert_Blocklist_08Ddcc67F8Cad6929607E4Cda29B3503 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4234-L4250" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4234-L4250" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4cd975312ca825b51f34f5c89184a56526877436224c1e7407d715b28ebfd9d5" score = 75 quality = 90 
@@ -34696,8 +34696,8 @@ rule REVERSINGLABS_Cert_Blocklist_052242Ace583Adf2A3B96Adcb04D0812 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4252-L4268" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4252-L4268" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e1593a2bf375912e411d5f19d9e232c6b87f0897bb6f1c0b0539380b34b05af5" score = 75 quality = 90 @@ -34721,8 +34721,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bebef5C533Ce92Efc402Fab8605C43Ec : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4270-L4288" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4270-L4288" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "daa57ad622799467c60693060e6c9eea18bdf0bb26f178e8b03453aab486ccf4" score = 75 quality = 90 
@@ -34746,8 +34746,8 @@ rule REVERSINGLABS_Cert_Blocklist_1D3F39F481Fe067F8A9289Bb49E05A04 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4290-L4306" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4290-L4306" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2fdf8b59d302d2ce81a1e9a5715138adc1ec45bd86871c4c2e46412407e329f9" score = 75 quality = 90 @@ -34771,8 +34771,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Be35D025E65Cc7A4Ee01F72 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4308-L4324" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4308-L4324" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "dad7ab834a67d36c0b63e45922aea566dc0aaf922be2b74161616b3caea83fdc" score = 75 quality = 90 
@@ -34796,8 +34796,8 @@ rule REVERSINGLABS_Cert_Blocklist_351Fe2Efdc0Ac56A0C822Cf8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4326-L4342" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4326-L4342" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "46b87c3531e01ba150f056ec3270564426363ef8c58256eeedbcab247c7625e4" score = 75 quality = 90 @@ -34821,8 +34821,8 @@ rule REVERSINGLABS_Cert_Blocklist_9Cfbb4C69008821Aaacecde97Ee149Ab : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4344-L4362" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4344-L4362" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d74b13eeb5d0a57c5dd3257480230c504a68a8422e77a46bb2e101abb2c7f282" score = 75 quality = 90 
@@ -34846,8 +34846,8 @@ rule REVERSINGLABS_Cert_Blocklist_C04F5D17Af872Cb2C37E3367Fe761D0D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4364-L4382" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4364-L4382" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4a4d60aa3722a710fe23d5e11c55a28bfe721bb4e797b041d58f62a994487799" score = 75 quality = 90 @@ -34871,8 +34871,8 @@ rule REVERSINGLABS_Cert_Blocklist_02C5351936Abe405Ac760228A40387E8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4384-L4400" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4384-L4400" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "5a990f8d1a3f467cdafa0f625bc162745d9201e15ce43fdc93cd6b1730572e89" score = 75 quality = 90 
@@ -34896,8 +34896,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Ecd829Adcc55D9D6Afe30Dc371Ebda6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4402-L4420" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4402-L4420" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "02955f4df7deccab52cdd82fd04d5012db7440f85c87d750fa9f81ff85e2dab0" score = 75 quality = 90 @@ -34921,8 +34921,8 @@ rule REVERSINGLABS_Cert_Blocklist_B0167124Ca59149E64D292Eb4B142014 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4422-L4440" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4422-L4440" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "10d980d4a71dab4679376f5a6d6a6999e0b59af4f25587a7b8d1ef52a7808cc9" score = 75 quality = 90 
@@ -34946,8 +34946,8 @@ rule REVERSINGLABS_Cert_Blocklist_112613B7B5F696Cf377680F6463Fcc8C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4442-L4458" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4442-L4458" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "50fd35617e059a5fe9d9e0fdb4b880c20e406357bbb2d037f9e6e9db47b8e49f" score = 75 quality = 90 @@ -34971,8 +34971,8 @@ rule REVERSINGLABS_Cert_Blocklist_B3F906E5E6B2Cf61C5E51Be79B4E8777 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4460-L4478" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4460-L4478" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "037e154854c1128fb73d2221c2b7d7211d977492378614fcf4fde959207e34b3" score = 75 quality = 90 
@@ -34996,8 +34996,8 @@ rule REVERSINGLABS_Cert_Blocklist_566Ac16A57B132D3F64Dced14De790Ee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4480-L4496" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4480-L4496" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "48f4d334614f6c413907d51f4d6312554b13c4f5a3c03070ceba48baa13a8247" score = 75 quality = 90 @@ -35021,8 +35021,8 @@ rule REVERSINGLABS_Cert_Blocklist_D2Caf7908Aaebfa1A8F3E2136Fece024 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4498-L4516" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4498-L4516" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "cf4d17274ef36d61e78578d34634bf6e5fb0fb857a9a92184916b0f3b8484568" score = 75 quality = 90 
@@ -35046,8 +35046,8 @@ rule REVERSINGLABS_Cert_Blocklist_E04A344B397F752A45B128A594A3D6B5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4518-L4536" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4518-L4536" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0489577c6050f0c5d1dad5bda8c4f3c895902b932cd0324087712ccb83f14680" score = 75 quality = 90 @@ -35071,8 +35071,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Bcaed3Ef678F2F9Bf38D09E149B8D70 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4538-L4554" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4538-L4554" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "dbf85cbd1d92823287749dac312f95576900753f60a694347b31b1e3aaa288a8" score = 75 quality = 90 
@@ -35096,8 +35096,8 @@ rule REVERSINGLABS_Cert_Blocklist_56D576A062491Ea0A5877Ced418203A1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4556-L4572" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4556-L4572" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "19bd6834b432f3dc8786b449241082b359275559a112a8ef4a51efe185b256dc" score = 75 quality = 90 @@ -35121,8 +35121,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Fcba260Df7Da602Ecf4D4D6Fc89D5Dd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4574-L4590" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4574-L4590" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4e9a3e516342820248ebf9b3605b8ce2dbf1d9b4255a5b74f7369dd2f1cdd9d8" score = 75 quality = 90 
@@ -35146,8 +35146,8 @@ rule REVERSINGLABS_Cert_Blocklist_4152169F22454Ed604D03555B7Afb175 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4592-L4608" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4592-L4608" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "fbb2124b934c270739f564317526d5b23b996364372426485d7c994a83293866" score = 75 quality = 90 @@ -35171,8 +35171,8 @@ rule REVERSINGLABS_Cert_Blocklist_01C88Ccbd219500139D1Af138A9E898E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4610-L4626" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4610-L4626" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d1acb0a7d6e20158797e77c066be42548cee9293fa94f24f936a95977ac16d91" score = 75 quality = 90 
@@ -35196,8 +35196,8 @@ rule REVERSINGLABS_Cert_Blocklist_41D05676E0D31908Be4Dead3486Aeae3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4628-L4644" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4628-L4644" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c4905f02c74df6d05b3f9a6fe2c4f5f32a02bb10da4db929314be043be76d703" score = 75 quality = 90 @@ -35221,8 +35221,8 @@ rule REVERSINGLABS_Cert_Blocklist_8Cff807Edaf368A60E4106906D8Df319 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4646-L4664" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4646-L4664" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6fc98519faf218d90bb4e01821e6014e009c0b525cfd3c906a64ef82bc20beda" score = 75 quality = 90 
@@ -35246,8 +35246,8 @@ rule REVERSINGLABS_Cert_Blocklist_A3E62Be1572293Ad618F58A8Aa32857F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4666-L4684" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4666-L4684" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f849898465bc651f19f6f1b54315c061466d8c5860ecf1a07f54c8c8292f6a95" score = 75 quality = 90 @@ -35271,8 +35271,8 @@ rule REVERSINGLABS_Cert_Blocklist_672D4428450Afcc24Fc60969A5063A3E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4686-L4702" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4686-L4702" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8f5927e96109184bad7de4513994fd1021fe1cc5977e60fa72d808df95cb4516" score = 75 quality = 90 
@@ -35296,8 +35296,8 @@ rule REVERSINGLABS_Cert_Blocklist_Df479E14A70C7970A4De3Dd3E4Bb0318 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4704-L4722" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4704-L4722" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "35b1f04cf5d5d1d89db537bf75737e3af5945e594f4d4231e9ae3e7fba52fc0d" score = 75 quality = 90 @@ -35321,8 +35321,8 @@ rule REVERSINGLABS_Cert_Blocklist_2924785Fd7990B2D510675176Dae2Bed : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4724-L4740" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4724-L4740" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e308ca5f24ed5811e947289caf9aa820a16b08ea183c7aa9826f8a726fb5c3cf" score = 75 quality = 90 
@@ -35346,8 +35346,8 @@ rule REVERSINGLABS_Cert_Blocklist_F4D2Def53Bccb0Dd2B7D54E4853A2Fc5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4742-L4760" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4742-L4760" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "9991f44b8e984bd79269c44999481258d94bec9c21b154b63c6c30ae52344b3c" score = 75 quality = 90 @@ -35371,8 +35371,8 @@ rule REVERSINGLABS_Cert_Blocklist_03Bf9Ef4Cf037A2385649026C3Da9D3E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4762-L4778" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4762-L4778" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "14196bad586b1349e6e8a1eb5621ce0d8d346ff8021c8ef80804de1533fd40d9" score = 75 quality = 90 
@@ -35396,8 +35396,8 @@ rule REVERSINGLABS_Cert_Blocklist_790177A54209D55560A55Db97C5900D6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4780-L4796" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4780-L4796" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "07c8e21fe604b481beebae784eb49e32bebee70e749581a55313bfbc757752e2" score = 75 quality = 90 @@ -35421,8 +35421,8 @@ rule REVERSINGLABS_Cert_Blocklist_048F7B5F67D8E2B3030F75Eb7Be2713D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4798-L4814" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4798-L4814" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6d1b47f3c9d7b90a5470f83a848adeebff2cf9341a1eb41ca8b45d08b469b17f" score = 75 quality = 90 
@@ -35446,8 +35446,8 @@ rule REVERSINGLABS_Cert_Blocklist_082023879112289Bf351D297Cc8Efcfc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4816-L4832" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4816-L4832" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "58bec160445765ce45a26bf9d96ba6cfe61eee31e0953009d40a7ec64920c677" score = 75 quality = 90 @@ -35471,8 +35471,8 @@ rule REVERSINGLABS_Cert_Blocklist_0D53690631Dd186C56Be9026Eb931Ae2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4834-L4850" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4834-L4850" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3d0a80c062800f935fa3837755e8a91245e01a4e2450a05fecab5564cb62c15c" score = 75 quality = 90 
@@ -35496,8 +35496,8 @@ rule REVERSINGLABS_Cert_Blocklist_32119925A6Ce4710Aecc4006C28E749F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4852-L4868" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4852-L4868" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ca812cdfbb7ca984fae1e16159eb0eeb1e65767fcc6aa07eeb84966853146f9d" score = 75 quality = 90 @@ -35521,8 +35521,8 @@ rule REVERSINGLABS_Cert_Blocklist_2C90Eaf4De3Afc03Ba924C719435C2A3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4870-L4888" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4870-L4888" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "5bb78a5e39f9d023cf63edabdc83d4965fc79f6f04f9fea9bcf2a53223fbd4ca" score = 75 quality = 90 
@@ -35546,8 +35546,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aff762E907F0644E76Ed8A7485Fb12A1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4890-L4908" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4890-L4908" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ad05389e0eb30cb894b03842d213b8c956f66357a913c73d8d8b79f8336bf980" score = 75 quality = 90 @@ -35571,8 +35571,8 @@ rule REVERSINGLABS_Cert_Blocklist_D8530214Ca0F512946496B5164C61201 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4910-L4928" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4910-L4928" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "377962915586c9f5a5737c24b698c96efc2e819e52ee16109c405f9af2d57e7f" score = 75 quality = 90 
@@ -35596,8 +35596,8 @@ rule REVERSINGLABS_Cert_Blocklist_661Ba8F3C9D1B348413484E9A49502F7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4930-L4948" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4930-L4948" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4840b311c1e2c0ae14bb2cf6fa8d96ab1a434ceac861db540697f3aed1a6833f" score = 75 quality = 90 @@ -35621,8 +35621,8 @@ rule REVERSINGLABS_Cert_Blocklist_51Aead5A9Ab2D841B449Fa82De3A8A00 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4950-L4966" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4950-L4966" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e53095aab9d6c2745125e8cd933334ebc2e51a9725714d31a46baa74b8e42ed9" score = 75 quality = 90 
@@ -35646,8 +35646,8 @@ rule REVERSINGLABS_Cert_Blocklist_03B630F9645531F8868Dae8Ac0F8Cfe6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4968-L4984" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4968-L4984" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6d2f4346760bf52a438c4c996e92a2641bebfd536248776383d7c8394e094e6a" score = 75 quality = 90 @@ -35671,8 +35671,8 @@ rule REVERSINGLABS_Cert_Blocklist_6F8373Cf89F1B49138F4328118487F9E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L4986-L5002" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L4986-L5002" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f926c2f73d47d463721a0cad48d9866192df55d71867941a40cba7e0b7725102" score = 75 quality = 90 
@@ -35696,8 +35696,8 @@ rule REVERSINGLABS_Cert_Blocklist_E38259Cf24Cc702Ce441B683Ad578911 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5004-L5022"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5004-L5022"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "2428df14a18f4aed1a3db85c1fb43a847fae8a922c6dc948f3bc514dc4cae09c"
 score = 75
 quality = 90
@@ -35721,8 +35721,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bdc81Bc76090Dae0Eee2E1Eb744A4F9A : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5024-L5042"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5024-L5042"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "4fc3e57bedb6fb7c96e6a1ee2ad2aec3860716ac714d52ea58b86be4bbda4660"
 score = 75
 quality = 90
@@ -35746,8 +35746,8 @@ rule REVERSINGLABS_Cert_Blocklist_B2E730B0526F36Faf7D093D48D6D9997 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5044-L5062"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5044-L5062"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "f74cc94428d7739abf6ee76f6cbd53aa47cea815a014de0d786fe53b15f66201"
 score = 75
 quality = 90
@@ -35771,8 +35771,8 @@ rule REVERSINGLABS_Cert_Blocklist_7156Ec47Ef01Ab8359Ef4304E5Af1A05 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5064-L5080"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5064-L5080"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "7bb093287dd309ce12859eca9a9fc98095b3d52ec860626fe6e743bace262fde"
 score = 75
 quality = 90
@@ -35796,8 +35796,8 @@ rule REVERSINGLABS_Cert_Blocklist_13794371C052Ec0559E9B492Abb25C26 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5082-L5098"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5082-L5098"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "7383d1fb1fa6e49f8fa9e1eecfe3fcedb8a11702fbd3700630a11b12da29fedf"
 score = 75
 quality = 90
@@ -35821,8 +35821,8 @@ rule REVERSINGLABS_Cert_Blocklist_5C7E78F53C31D6Aa5B45De14B47Eb5C4 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5100-L5116"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5100-L5116"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "7521abc5c93f0336af4fab95268962aa3d3fb48fed6a8ba7fdb98e373158b327"
 score = 75
 quality = 90
@@ -35846,8 +35846,8 @@ rule REVERSINGLABS_Cert_Blocklist_Dadf44E4046372313Ee97B8E394C4079 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5118-L5136"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5118-L5136"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "170533935b91776ec2413106c55ed4a01c33f32a469a855824cac796f2e132a0"
 score = 75
 quality = 90
@@ -35871,8 +35871,8 @@ rule REVERSINGLABS_Cert_Blocklist_F8C2E08438Bb0E9Adc955E4B493E5821 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5138-L5156"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5138-L5156"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "5dbe554032c945c46ffd61ef1e0deb59d396a70dd63994bf44c65d849ec8220a"
 score = 75
 quality = 90
@@ -35896,8 +35896,8 @@ rule REVERSINGLABS_Cert_Blocklist_70E1Ebd170Db8102D8C28E58392E5632 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5158-L5174"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5158-L5174"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "e1738eddc1da0876a373ee7f35bff155d56c1b98a23cb117c0e7a966f8fa3c92"
 score = 75
 quality = 90
@@ -35921,8 +35921,8 @@ rule REVERSINGLABS_Cert_Blocklist_09C89De6F64A7Fdf657E69353C5Fdd44 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5176-L5192"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5176-L5192"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "1cb57cd68cda91754307d2e4d94ea011975bbfff0f15134081a5aa11870b0db1"
 score = 75
 quality = 90
@@ -35946,8 +35946,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ffff2Ce862378B26440Df49Ca9175B70 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5194-L5212"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5194-L5212"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "8ed7b0643b07ce4954f570157e1534ee1ed647717cce00fe7f2b572c9b5d0042"
 score = 75
 quality = 90
@@ -35971,8 +35971,8 @@ rule REVERSINGLABS_Cert_Blocklist_3223B4616C2687C04865Bee8321726A8 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5214-L5230"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5214-L5230"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "fcb0a14866b3612c5ec5a7db7a3333e20a4605695b3d019eef84de85d7b3ea4d"
 score = 75
 quality = 90
@@ -35996,8 +35996,8 @@ rule REVERSINGLABS_Cert_Blocklist_7709D2Df39E9A4F7Db2F3Cbc29B49743 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5232-L5248"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5232-L5248"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "c9ade45e0f9fb737a08ffa94d1fff89471a1cbcbacc139730fab88e382226d0b"
 score = 75
 quality = 90
@@ -36021,8 +36021,8 @@ rule REVERSINGLABS_Cert_Blocklist_E29690E14518874D2Dcf00234Ae94F1F : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5250-L5268"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5250-L5268"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "ef84815798b213dc49a142e3076cc6dd680dccabe72643fc86234024a46468f9"
 score = 75
 quality = 90
@@ -36046,8 +36046,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cfac705C7E6845904F99995324F7562C : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5270-L5288"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5270-L5288"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "68bcfe60c2e7154f427c20d0471ede99e55c8200149a4438d5a2a75982fcd419"
 score = 75
 quality = 90
@@ -36071,8 +36071,8 @@ rule REVERSINGLABS_Cert_Blocklist_A7989F8Be0C82D35A19E7B3Dd4Be30E5 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5290-L5308"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5290-L5308"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "a50129908a471e6692bcf663abd5ef52861d4a46fdf528f39efe816ee6150edf"
 score = 75
 quality = 90
@@ -36096,8 +36096,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Fa13Ae98E17Ae23Fcfe7Ae873D0C120 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5310-L5326"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5310-L5326"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "415f39f82b6a45acd196ccf246ec660806a8d66c61df8c7d2850e5b244118d04"
 score = 75
 quality = 90
@@ -36121,8 +36121,8 @@ rule REVERSINGLABS_Cert_Blocklist_3696883055975D571199C6B5D48F3Cd5 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5328-L5344"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5328-L5344"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "d6f77b9ca928167341a35b83e353886d4db8dfcecf45cde0f0f93d65059b5200"
 score = 75
 quality = 90
@@ -36146,8 +36146,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ee678930D5Bdfaa2Ab0172Fa4C10Ae07 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5346-L5364"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5346-L5364"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "f1e254450fdbe94172a4fa2d2727c3ade5ae436cf4c0c1153a15e9a2f64f2452"
 score = 75
 quality = 90
@@ -36171,8 +36171,8 @@ rule REVERSINGLABS_Cert_Blocklist_D7C432E8D4Edef515Bfb9D1C214Ff0F5 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5366-L5384"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5366-L5384"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "63741513f3ab2f51ecd66dc973239c9dc194b86504fe26b2dd4a7f31299e5497"
 score = 75
 quality = 90
@@ -36196,8 +36196,8 @@ rule REVERSINGLABS_Cert_Blocklist_5B440A47E8Ce3Dd202271E5C7A666C78 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5386-L5402"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5386-L5402"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "eb4387d58e391c356ed774d8c13bb4bbb2befed585bb44674459d3ef519aec58"
 score = 75
 quality = 90
@@ -36221,8 +36221,8 @@ rule REVERSINGLABS_Cert_Blocklist_B82C6553B2186C219797621Aaa233Edb : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5404-L5422"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5404-L5422"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "72e3e1740a4adc4315d2dd9c9f7b8cee2d89c3006014dec663b70d3419f43ca3"
 score = 75
 quality = 90
@@ -36246,8 +36246,8 @@ rule REVERSINGLABS_Cert_Blocklist_F360F7Ad0Ed065Fec0B44F98E04481A0 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5424-L5442"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5424-L5442"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "2a25f1121f492dec461e570ff56acb0e3957cdf9100002f2ff0b6c3d3b35fee5"
 score = 75
 quality = 90
@@ -36271,8 +36271,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fe41941464B9992A69B7317418Ae8Eb7 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5444-L5462"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5444-L5462"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "bd5131f2b44deec6a7a68577b80ef4d066c331da2976539ce52ac6cff8d5560e"
 score = 75
 quality = 90
@@ -36296,8 +36296,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C14B611A44A1Bae0E8C7581651845B6 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5464-L5480"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5464-L5480"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "7f6028181e33e4ba8264ee367169e7259e19ff49dcae9a337a4ba78c06b459e6"
 score = 75
 quality = 90
@@ -36321,8 +36321,8 @@ rule REVERSINGLABS_Cert_Blocklist_690910Dc89D7857C3500Fb74Bed2B08D : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5482-L5498"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5482-L5498"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "3c5da6238279296854eb95ecaed802f453e80c6bceb71c3fa587df0f7d40cf96"
 score = 75
 quality = 90
@@ -36346,8 +36346,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fd41E6Bd7428D3008C8A05F68C9Ac6F2 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5500-L5518"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5500-L5518"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "e387664dc9aa746e127b4efb2ef43675f8fb6df66e99d33ef765e8fa306a4f18"
 score = 75
 quality = 90
@@ -36371,8 +36371,8 @@ rule REVERSINGLABS_Cert_Blocklist_C7079866C0E48B01246Ba0C148E70D4D : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5520-L5538"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5520-L5538"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "cc144760e0ca21fd98b55ac222db540900def61f54e9644f8cab5f711ec7bf24"
 score = 75
 quality = 90
@@ -36396,8 +36396,8 @@ rule REVERSINGLABS_Cert_Blocklist_D591Da22F33C800A7024Aecff2Cd6C6D : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5540-L5558"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5540-L5558"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "30e421d5ea3c5693c5c9bd0e3dd997ceda9755d17e3fb16d2a8e6c4a327ae32f"
 score = 75
 quality = 90
@@ -36421,8 +36421,8 @@ rule REVERSINGLABS_Cert_Blocklist_B36E0F2053Caee9C3B966F7Be0B40Fc3 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5560-L5578"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5560-L5578"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "2444c78aefdb9e8c8004598a318db016d7e781ede6da2ba3ee85316456c3e77b"
 score = 75
 quality = 90
@@ -36446,8 +36446,8 @@ rule REVERSINGLABS_Cert_Blocklist_5B320A2F46C99C1Ba1357Bee : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5580-L5596"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5580-L5596"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "12797f80bce9d64c6c07e185aa309a0c4f910835745a7f2cc1874fb1211624d8"
 score = 75
 quality = 90
@@ -36471,8 +36471,8 @@ rule REVERSINGLABS_Cert_Blocklist_08D4352185317271C1Cec9D05C279Af7 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5598-L5614"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5598-L5614"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "b240962ab23729b241413ed1e53ac6541bf6b8a673c57522efd0cfe0c7eb9dd4"
 score = 75
 quality = 90
@@ -36496,8 +36496,8 @@ rule REVERSINGLABS_Cert_Blocklist_B514E4C5309Ef9F27Add05Bedd4339A0 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5616-L5634"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5616-L5634"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "665b280218528bbe3d5c65d043266469e5288587ed9d85d01797bef7ce132a6f"
 score = 75
 quality = 90
@@ -36521,8 +36521,8 @@ rule REVERSINGLABS_Cert_Blocklist_13C7B92282Aae782Bfb00Baf879935F4 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5636-L5652"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5636-L5652"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "d4edbb446a51e5153ba88d6757d5fb610303eac3fd4bdd3b987b508dc618d2dc"
 score = 75
 quality = 90
@@ -36546,8 +36546,8 @@ rule REVERSINGLABS_Cert_Blocklist_D627F1000D12485995514Bfbdefc55D9 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5654-L5672"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5654-L5672"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "7ca590d71997879d17054a936238dd5273a52f3438d1b231a75927abfb118ffd"
 score = 75
 quality = 90
@@ -36571,8 +36571,8 @@ rule REVERSINGLABS_Cert_Blocklist_5Fb6Bae8834Edd8D3D58818Edc86D7D7 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5674-L5690"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5674-L5690"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "a8cec0479bfd53f34e291d56538187c05375e80d20af7f0af08f0db8e1d6ed22"
 score = 75
 quality = 90
@@ -36596,8 +36596,8 @@ rule REVERSINGLABS_Cert_Blocklist_E5Ad42C509A7C24605530D35832C091E : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5692-L5710"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5692-L5710"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "2d57d1c171734d0da167ce7eba47aecd88cd15063488d79659804c6c2fae00a2"
 score = 75
 quality = 90
@@ -36621,8 +36621,8 @@ rule REVERSINGLABS_Cert_Blocklist_8E3D89C682F7C0Dad70110Cb7B7C8263 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5712-L5730"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5712-L5730"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "a0f42c5492469e7f132b000aead2d674fed4ea9c0e168579fd55a6c89b45ae4d"
 score = 75
 quality = 90
@@ -36646,8 +36646,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ef2D35F2Ae82A767A16Be582Ab0D1Ba0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5732-L5750" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5732-L5750" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0709290aeb18bcb855518e150c2768c24ab311f5c727cdc4c40145b879ff88b6" score = 75 quality = 90 @@ -36671,8 +36671,8 @@ rule REVERSINGLABS_Cert_Blocklist_039668034826Df47E6207Ec9Daed57C3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5752-L5768" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5752-L5768" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "792860feec6e599ba22ae3869ef132cf5b7be2e0572e23503e293444fd7c382d" score = 75 quality = 90 
@@ -36696,8 +36696,8 @@ rule REVERSINGLABS_Cert_Blocklist_07Bb6A9D1C642C5973C16D5353B17Ca4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5770-L5786" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5770-L5786" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b98dcd4f0ebe870a9dad55cac5b0db81be6062216337b75a74a0aff8436df57f" score = 75 quality = 90 @@ -36721,8 +36721,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A1Dc99E4D5264C45A5090F93242A30A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5788-L5804" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5788-L5804" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1985c9c4f4a93c3088eaec3031df93cf87a9d7ee36b94322330caf3c21982f3c" score = 75 quality = 90 
@@ -36746,8 +36746,8 @@ rule REVERSINGLABS_Cert_Blocklist_018093Cfad72Cdf402Eecbe18B33Ec71 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5806-L5822" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5806-L5822" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ac398ef89e691158742598777c320832a750a7410904448778afc7ef3c63c255" score = 75 quality = 90 @@ -36771,8 +36771,8 @@ rule REVERSINGLABS_Cert_Blocklist_569E03988Af60D80Ce60728940850D9B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5824-L5842" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5824-L5842" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3ea894d9e088c2123f9ec87cbf097e2275fae18cad26e926641fe64921808b1e" score = 75 quality = 90 
@@ -36796,8 +36796,8 @@ rule REVERSINGLABS_Cert_Blocklist_418F6D959A8A0F82Bef07Ceba3603E52 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5844-L5862" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5844-L5862" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6c13c5e85d6e053319193d1d94f216eeec64405c86d15971419078a1ce6c8ac9" score = 75 quality = 90 @@ -36821,8 +36821,8 @@ rule REVERSINGLABS_Cert_Blocklist_5378C5Bbeba0D3309A35Bb47F63037F7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5864-L5882" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5864-L5882" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a96acf93ca6da4d3bf5177b51996825cd3ea70443577622deccdd11fde579c31" score = 75 quality = 90 
@@ -36846,8 +36846,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Bab6A2Aa84B495D9E554A4C42C0126D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5884-L5900" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5884-L5900" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "79b6df421c78fd3e2f05a60f7d875e02519297a0278614c9f63dff8b1b2a2d18" score = 75 quality = 90 @@ -36871,8 +36871,8 @@ rule REVERSINGLABS_Cert_Blocklist_6314001C3235Cd59Bcc3F5278C518804 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5902-L5918" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5902-L5918" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4320f3884c0f7e4939e8988a4e83b8028a5e01fb425ae4faa2273134db835813" score = 75 quality = 90 
@@ -36896,8 +36896,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Ed8Ade5D73B73Dade6943D557Ff87E5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5920-L5936" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5920-L5936" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7796b6e7da900be8634e7f1e51cda1275ab1e7c2709af7ecaa8777ab0b518494" score = 75 quality = 90 @@ -36921,8 +36921,8 @@ rule REVERSINGLABS_Cert_Blocklist_0292C7D574132Ba5C0441D1C7Ffcb805 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5938-L5954" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5938-L5954" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d2bcf72f4c5829d161bc40e820eb0b1a85deaa49b749422d5429e27b7fb2b1fe" score = 75 quality = 90 
@@ -36946,8 +36946,8 @@ rule REVERSINGLABS_Cert_Blocklist_1F23F001458716D435Cca1A55D660Ec5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5956-L5972" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5956-L5972" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "bacfb4b7900ab57d23474e0422bd74fff113296b8db37e8eae3bd456443d28d6" score = 75 quality = 90 @@ -36971,8 +36971,8 @@ rule REVERSINGLABS_Cert_Blocklist_6E0Ccbdfb4777E10Ea6221B90Dc350C2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5974-L5990" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5974-L5990" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "08a1ff7cc3a7680fdbb3235a7b46709cd4ba530a9afeab4344671db9fe893cc4" score = 75 quality = 90 
@@ -36996,8 +36996,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Ed1847A2Ae5D71Def1E833Fddd33D38 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L5992-L6008" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L5992-L6008" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0ec5eb8ff1f630284fabfba5c58dd563d471343ace718f79dad08cfe75c3070d" score = 75 quality = 90 @@ -37021,8 +37021,8 @@ rule REVERSINGLABS_Cert_Blocklist_97Df46Acb26B7C81A13Cc467B47688C8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6010-L6028" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6010-L6028" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6f6e0e175caee83eaec2dacedaf564b642195a8815cfd0d4564f581070b0c545" score = 75 quality = 90 
@@ -37046,8 +37046,8 @@ rule REVERSINGLABS_Cert_Blocklist_186D49Fac34Ce99775B8E7Ffbf50679D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6030-L6046" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6030-L6046" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0444a5052ee384451ebd85918bbc6bf6d6a75334899a63a8b5828ef06cb9c7ca" score = 75 quality = 90 @@ -37071,8 +37071,8 @@ rule REVERSINGLABS_Cert_Blocklist_B1Aea98Bf0Ce789B6C952310F14Edde0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6048-L6066" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6048-L6066" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6e78750d6aca91e9e6d8f2651a5682ccdab5cd20ee3a74e1f8582eb7bc45d614" score = 75 quality = 90 
@@ -37096,8 +37096,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Dcd0699Da08915Dde6D044Cb474157C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6068-L6084" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6068-L6084" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e1a3f27b8b9b642fe1ca73ec54d225f4470b53d0d06f2eea55ad1ad43ec67b39" score = 75 quality = 90 @@ -37121,8 +37121,8 @@ rule REVERSINGLABS_Cert_Blocklist_4B03Cabe6A0481F17A2Dbeb9Aefad425 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6086-L6102" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6086-L6102" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6986e7bd90842647ec6a168c30dca2d5ae8ae5b1c1014f966dd596a78859ac6e" score = 75 quality = 90 
@@ -37146,8 +37146,8 @@ rule REVERSINGLABS_Cert_Blocklist_64Cd303Fa289790Afa03C403E9240002 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6104-L6120" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6104-L6120" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f51556a8a12affbd7f7633bf8daa50e6332fa3d3448ea08853cf8ed28e593680" score = 75 quality = 90 @@ -37171,8 +37171,8 @@ rule REVERSINGLABS_Cert_Blocklist_07Cef66A71C35Bc3Aed6D100C6493863 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6122-L6138" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6122-L6138" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e741fc13fe4d03b145ed1d86e738b415a7260eae5b0908c6991c9ea9896f14cf" score = 75 quality = 90 
@@ -37196,8 +37196,8 @@ rule REVERSINGLABS_Cert_Blocklist_Be77Fe5C58B7A360Add6A3Fced4E8334 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6140-L6158" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6140-L6158" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "cea0d217206562c0045843405802d3b2fad01bdb2a4cfb52057625b43f5f8eee" score = 75 quality = 90 @@ -37221,8 +37221,8 @@ rule REVERSINGLABS_Cert_Blocklist_F097E59809Ae2E771B7B9Ae5Fc3408D7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6160-L6178" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6160-L6178" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "9e23ff26d3e1ea181e48fc23383e3717804858bc517a31ec508fa0753730c78e" score = 75 quality = 90 
@@ -37246,8 +37246,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Cf1Ed2A6Ff4Bee621Efdf725Ea174B7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6180-L6196" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6180-L6196" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7030c122905105c72833cfcb41692bd9a67cf456e3309afce0b8f9e65c6aa5c1" score = 75 quality = 90 @@ -37271,8 +37271,8 @@ rule REVERSINGLABS_Cert_Blocklist_1249Aa2Ada4967969B71Ce63Bf187C38 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6198-L6214" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6198-L6214" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f84568cfe6304af0307a34bfed6dd346a74e714005b5e6f22a354b14f853ec65" score = 75 quality = 90 
@@ -37296,8 +37296,8 @@ rule REVERSINGLABS_Cert_Blocklist_D59A05955A4A421500F9561Ce983Aac4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6216-L6234" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6216-L6234" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b7ed87a03f20872669369cc3cad4eae40ba597f06222194bd67262c094083ec1" score = 75 quality = 90 @@ -37321,8 +37321,8 @@ rule REVERSINGLABS_Cert_Blocklist_539015999E304A5952985A994F9C3A53 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6236-L6252" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6236-L6252" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "feeb1710bd5b048c689a2e45575529624cd1622dcc73db8fe7de6c133fdc5698" score = 75 quality = 90 
@@ -37346,8 +37346,8 @@ rule REVERSINGLABS_Cert_Blocklist_0B1926A5E8Ae50A0Efa504F005F93869 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6254-L6270" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6254-L6270" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1cbdf39a873c83d2b55723215fb4930a3ce23b6cab2d71a6cd5f16b2721e30f9" score = 75 quality = 90 @@ -37371,8 +37371,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A23B660E7322E54D7Bd0E5Acc890966 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6272-L6288" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6272-L6288" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "17996dd0ec81623dbd4eeea98f9bbe37c11c911ca840833ecb9301bb0a9ddb52" score = 75 quality = 90 
@@ -37396,8 +37396,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Cfa5050C819C4Acbb8Fa75979688Dff : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6290-L6308" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6290-L6308" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "cffc234be78446191dd5f5990db9f17c7e28eeaa3e16f1eb8ad4ed1e58fdc25e" score = 75 quality = 90 @@ -37421,8 +37421,8 @@ rule REVERSINGLABS_Cert_Blocklist_044E05Bb1A01A1Cbb50Cfb6Cd24E5D6B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6310-L6326" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6310-L6326" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "40c80d3b6bedb0b3454e14501745a6e82b6ea9ac202748867a2e937fb79c6f6c" score = 75 quality = 90 
@@ -37446,8 +37446,8 @@ rule REVERSINGLABS_Cert_Blocklist_B7F19B13De9Bee8A52Ff365Ced6F67Fa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6328-L6346" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6328-L6346" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a8d2a92b44cdd7b123907a6a77ba0fc9fde4961f9ac846b36f1e87730a1efae6" score = 75 quality = 90 @@ -37471,8 +37471,8 @@ rule REVERSINGLABS_Cert_Blocklist_B61B8E71514059Adc604Da05C283E514 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6348-L6366" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6348-L6366" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1255cef74082c9cad41ac8e7d62e740f69e6ba44171bb45655a68ee5db204e57" score = 75 quality = 90 
@@ -37496,8 +37496,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ece6Cbf67Dc41635A5E5D075F286Af23 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6368-L6386" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6368-L6386" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f560e6f4a65eaac8db1d8accb0748de17048e66ccf989468e6350a3ec1d70dc8" score = 75 quality = 90 @@ -37521,8 +37521,8 @@ rule REVERSINGLABS_Cert_Blocklist_014A98D697B44F43Ded21F18Eb6Ad0Ba : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6388-L6404" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6388-L6404" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "9f1cc61b944974696113912bc1d1a0b45b9911fa4d6de382a48c0d22d2d20953" score = 75 quality = 90 
@@ -37546,8 +37546,8 @@ rule REVERSINGLABS_Cert_Blocklist_063A7D09107Eddd8Aa1F733634C6591B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6406-L6422" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6406-L6422" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "19f11e1d9ce95eb4bc75387a0118c230388a13cd07b02e00ea1d65cdcc0b2bd7" score = 75 quality = 90 @@ -37571,8 +37571,8 @@ rule REVERSINGLABS_Cert_Blocklist_1E74Cfe7De8C5F57840A61034414Ca9F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6424-L6442" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6424-L6442" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d82220d908283f1707ec15882503b02cb8dc80095279a9e7d6cbdd113c25d8ae" score = 75 quality = 90 
@@ -37596,8 +37596,8 @@ rule REVERSINGLABS_Cert_Blocklist_75Cf729F8A740Bbdef183A1C4D86A02F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6444-L6460" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6444-L6460" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "691fadaa653ecd29e60f2db39b7c5154d7c85f388f72eccd0a4b5fe42eaee0dd" score = 75 quality = 90 @@ -37621,8 +37621,8 @@ rule REVERSINGLABS_Cert_Blocklist_2F64677254D3844Efdac2922123D05D1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6462-L6478" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6462-L6478" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f9f1f629e03563ece0fe5186b199e2f030dce7f58fb259de1aeb7387c76fa902" score = 75 quality = 90 
@@ -37646,8 +37646,8 @@ rule REVERSINGLABS_Cert_Blocklist_32Fbf8Cfa43Dca3F85Efabe96Dfefa49 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6480-L6496" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6480-L6496" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "73d80e6a0dc2316524a55a9627792b9b4488d238ef529f1767de182956b0865e" score = 75 quality = 90 @@ -37671,8 +37671,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ef9D0Cf071D463Cd63D13083046A7B8D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6498-L6516" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6498-L6516" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2923979811504f78a79a2480600285a2697845e51870a44ed231a81e79807121" score = 75 quality = 90 
@@ -37696,8 +37696,8 @@ rule REVERSINGLABS_Cert_Blocklist_115Cf1353A0E33E19099A4867A4C750A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6518-L6536" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6518-L6536" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2a3353c655531b113dc019a86288310881e3bbcb6c03670a805f22b185e09e6c" score = 75 quality = 90 @@ -37721,8 +37721,8 @@ rule REVERSINGLABS_Cert_Blocklist_5Cf3778Bb11115A884E192A7Cb807599 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6538-L6556" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6538-L6556" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4242ef4a30bb09463ec5a6df9367915788a2aa782df6c463bcf966d2aad63c1d" score = 75 quality = 90 
@@ -37746,8 +37746,8 @@ rule REVERSINGLABS_Cert_Blocklist_82Cb93593B658100Cdd7A00C874287F2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6558-L6576" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6558-L6576" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c77881e0365c9fc398097d0b6e077330a5f0fcbb53279bfde96b3c01df914c55" score = 75 quality = 90 @@ -37771,8 +37771,8 @@ rule REVERSINGLABS_Cert_Blocklist_9A8Bcfd05F86B15D0C99F50Cf414Bd00 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6578-L6596" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6578-L6596" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "803d70dddeff51b753b577ea196b12570847c6875ae676a2d12cf1ca9323be34" score = 75 quality = 90 
@@ -37796,8 +37796,8 @@ rule REVERSINGLABS_Cert_Blocklist_95E5793F2Abe0B4Ec9Be54Fd24F76Ae5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6598-L6616" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6598-L6616" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "bd198665ae952e11c91adc329908e3cd55a55365875200cd81d2f71fd092f1fe" score = 75 quality = 90 @@ -37821,8 +37821,8 @@ rule REVERSINGLABS_Cert_Blocklist_133565779808C3B79D8E3F70A9C3Ffac : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6618-L6634" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6618-L6634" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b9fb2e3cc150b0278e67c673f7c01174c30b2cc4458c9c5e573661071795b793" score = 75 quality = 90 
@@ -37846,8 +37846,8 @@ rule REVERSINGLABS_Cert_Blocklist_7E0Ccda0Ef37Acef6C2Ebe4538627E5C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6636-L6654" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6636-L6654" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f13f9b70a2a3187522e4fff45a8a425863ad6242f82592aa9319c8d5fddeeefa" score = 75 quality = 90 @@ -37871,8 +37871,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bad35Fd70025D46C56B89E32B1A3954C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6656-L6674" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6656-L6674" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1020250fc5030e50bc1e7d0f0c5a77e462a53f47bfcc4383c682b34fed567492" score = 75 quality = 90 
@@ -37896,8 +37896,8 @@ rule REVERSINGLABS_Cert_Blocklist_7B91468122273Aa32B7Cfc80C331Ea13 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6676-L6692" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6676-L6692" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "49d6fd8b325df4bc688275a09cee35e1040172eb6f3680aa2b6f0f3640c0782e" score = 75 quality = 90 @@ -37921,8 +37921,8 @@ rule REVERSINGLABS_Cert_Blocklist_3E267B5D14Cdf1F645C1Ec545Cec3Aee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6694-L6710" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6694-L6710" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e36ae57d715a71aa7d26dd003d647dfa7ab16d64e5411b6c49831544fc482645" score = 75 quality = 90 
@@ -37946,8 +37946,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ae6D3C0269Ef6497E14379C51A8507Ba : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6712-L6730" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6712-L6730" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "23570962c80bddce28a3dee9d4d864cf3cf64018eec6fbcbdd3ca2658c9f660f" score = 75 quality = 90 @@ -37971,8 +37971,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fd8C468Cc1B45C9Cfb41Cbd8C835Cc9E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6732-L6750" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6732-L6750" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "230d33f0d1d31d4cb76bf3b13f109d3cc9ace846daef145e1dc7666b33c8a42a" score = 75 quality = 90 
@@ -37996,8 +37996,8 @@ rule REVERSINGLABS_Cert_Blocklist_7C061Baa3118327255161F6A7Fa4E21D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6752-L6770" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6752-L6770" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4193fce69af03b3521a3cc442b762c52f8585b44fa6b0bd78b9ace171b807ed4" score = 75 quality = 90 @@ -38021,8 +38021,8 @@ rule REVERSINGLABS_Cert_Blocklist_04332C16724Ffeda5868D22Af56Aea43 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6772-L6788" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6772-L6788" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6b62d5c7a3c6e3096797cd2f515d86045fa77682638bda44175d05c5b6c5bbc0" score = 75 quality = 90 
@@ -38046,8 +38046,8 @@ rule REVERSINGLABS_Cert_Blocklist_030012F134E64347669F3256C7D050C5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6790-L6806" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6790-L6806" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1a55856bfa4c632b2b0404686dc7ba5e7238b619dd4d2eb68c3d291bc86e52c4" score = 75 quality = 90 @@ -38071,8 +38071,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fa3Dcac19B884B44Ef4F81541184D6B0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6808-L6826" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6808-L6826" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "324de84cb8c2f5402c9326749e3456e11312828df2523954fd84f7fb3298fdf3" score = 75 quality = 90 
@@ -38096,8 +38096,8 @@ rule REVERSINGLABS_Cert_Blocklist_0E6F4Cb8B06E01C3Bd296Ace3A95F814 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6828-L6844" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6828-L6844" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f3184a9d1fe2a1cf2dcc04d26c284aa9a651d2f00aa28642d7f951550a050138" score = 75 quality = 90 @@ -38121,8 +38121,8 @@ rule REVERSINGLABS_Cert_Blocklist_085B70224253486624Fc36Fa658A1E32 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6846-L6862" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6846-L6862" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "50ff48a421a109f8c6bf92032691d9b673945bc591005004ff17dc18c97d4aea" score = 75 quality = 90 
@@ -38146,8 +38146,8 @@ rule REVERSINGLABS_Cert_Blocklist_51Cd5393514F7Ace2B407C3Dbfb09D8D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6864-L6880" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6864-L6880" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4cd08b9113a7c1f4f2d438ac59ad0be503daded3a08b8c8e8ce3e0dfdddf259e" score = 75 quality = 90 @@ -38171,8 +38171,8 @@ rule REVERSINGLABS_Cert_Blocklist_B72179C027B9037Ee220E81Ab18Fe56D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6882-L6900" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6882-L6900" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1416768011ff824307d112bdeecce1ad50d1f673e92bef8fddbbeb58ff98b1b1" score = 75 quality = 90 
@@ -38196,8 +38196,8 @@ rule REVERSINGLABS_Cert_Blocklist_07B74C70C4Aa092648B7F0D1A8A3A28F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6902-L6918" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6902-L6918" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "97759fa2e519936115f0493e251f9abc0cce3ada437776a5a370388512235491" score = 75 quality = 90 @@ -38221,8 +38221,8 @@ rule REVERSINGLABS_Cert_Blocklist_4C8Def294478B7D59Ee95C61Fae3D965 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6920-L6936" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6920-L6936" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3b7b10afa5f0212bd494ba8fe32bef18f2bbd77c8ab2ad498b9557a0575cc177" score = 75 quality = 90 
@@ -38246,8 +38246,8 @@ rule REVERSINGLABS_Cert_Blocklist_7D36Cbb64Bc9Add17Ba71737D3Ecceca : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6938-L6954" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6938-L6954" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "5874860582ed5be6908dca38e6ecae831eeeb0c2b768e8065ada9fd5ac2bda89" score = 75 quality = 90 @@ -38271,8 +38271,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ad255D4Ebefa751F3782587396C08629 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6956-L6974" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6956-L6974" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "43f44cbedf37094416628c9df23767be3b036519f93222812597777a146ecb24" score = 75 quality = 90 
@@ -38296,8 +38296,8 @@ rule REVERSINGLABS_Cert_Blocklist_262Ca7Ae19D688138E75932832B18F9D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6976-L6992" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6976-L6992" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a5bb946c6199cd47a087ac26f0a996261318d1830191ea7c0e7797ff03984558" score = 75 quality = 90 @@ -38321,8 +38321,8 @@ rule REVERSINGLABS_Cert_Blocklist_59A57E8Ba3Dcf2B6F59981Fda14B03 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L6994-L7010" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L6994-L7010" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6e77c7d0bd7e5e9bc8880cc6ffc3f5f4f738e3dde22c270ad7a6f6672a99de53" score = 75 quality = 90 
@@ -38346,8 +38346,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aebe117A13B8Bca21685Df48C74F584D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7012-L7030" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7012-L7030" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e7fbc1f32adec39c94dc046933e152cd6d3946da4a168306484b7b6bc7f26fb6" score = 75 quality = 90 @@ -38371,8 +38371,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Dcd19A94535F034Ee36Af4676740633 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7032-L7048" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7032-L7048" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7079d4f1973ad4de21e1f88282c94b11c4d63f8bad12b35ef76a481e154d9da3" score = 75 quality = 90 
@@ -38396,8 +38396,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ca4822E6905Aa4Fca9E28523F04F14A3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7050-L7068" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7050-L7068" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "9633f3494e9ece3a698d47c5ba2b7ee7f82cee4be36ac418c969c36285c4963c" score = 75 quality = 90 @@ -38421,8 +38421,8 @@ rule REVERSINGLABS_Cert_Blocklist_24C1Ef800F275Ab2780280C595De3464 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7070-L7086" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7070-L7086" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7536ec92f388234bea3b33bee4af52e0e0ce9cd86b1c8321a503f70bfe5faa76" score = 75 quality = 90 
@@ -38446,8 +38446,8 @@ rule REVERSINGLABS_Cert_Blocklist_6401831B46588B9D872B02076C3A7B00 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7088-L7104" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7088-L7104" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "cb84b27391fa0260061bc5444039967e83f2134f7b56f9cccf6a421d4a65a577" score = 75 quality = 90 @@ -38471,8 +38471,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A01A91Cce63Ede5Eaa3Dac4883Aea05 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7106-L7122" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7106-L7122" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "58a26b44e485814fa645bfa490f3442745884026bb7a70327d4f51645ad3f69c" score = 75 quality = 90 
@@ -38496,8 +38496,8 @@ rule REVERSINGLABS_Cert_Blocklist_54Cd7Ae1C27F1421136Ed25088F4979A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7124-L7140" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7124-L7140" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c7cd84a225216ff1464a147c2572de2b0a2f69f7a315cdebef5ad2bab843b72a" score = 75 quality = 90 @@ -38521,8 +38521,8 @@ rule REVERSINGLABS_Cert_Blocklist_F2D693Aad63E6920782A0027Dfc97D91 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7142-L7160" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7142-L7160" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8f29e65b39608518d16f708faef68db37b6e179c567819dccb6681adcec262e3" score = 75 quality = 90 
@@ -38546,8 +38546,8 @@ rule REVERSINGLABS_Cert_Blocklist_F8E8F6C92Ba666B0688A8Cacce9Acccf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7162-L7180" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7162-L7180" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "aa419bc044be55d4c94481998be4e9c0310416740084eb8376842cf5416d78bf" score = 75 quality = 90 @@ -38571,8 +38571,8 @@ rule REVERSINGLABS_Cert_Blocklist_E3D5089D4B8F01Aadce2731062Fb0Cce : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7182-L7200" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7182-L7200" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7f10b86f156ccac695f480661dfea8bcc455477afd9575230c2f8510327d1996" score = 75 quality = 90 
@@ -38596,8 +38596,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Ed801843Fa001B8Add52D3A97B25931 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7202-L7218" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7202-L7218" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b7c9424520afe16bd4769e1be84163ac37b8fb37433931f2e362d90cacc01093" score = 75 quality = 90 @@ -38621,8 +38621,8 @@ rule REVERSINGLABS_Cert_Blocklist_D9E834182Dec62C654E775E809Ac1D1B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7220-L7238" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7220-L7238" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3d8075e34fa3dc221bc2abc2630a93f32efbdde6df270a77b1d6b64d8ce56133" score = 75 quality = 90 
@@ -38646,8 +38646,8 @@ rule REVERSINGLABS_Cert_Blocklist_801689896Ed339237464A41A2900A969 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7240-L7258" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7240-L7258" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a371092cbf5a1a0c8051ba2b4c9dd758d829a2f0c21c86d1920164a0ae7751e6" score = 75 quality = 90 @@ -38671,8 +38671,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Fd3661533Eef209153C9Afec3Ba4D8A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7260-L7276" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7260-L7276" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ce6c07b8ae54db03e4fa2739856a8d3dc2051c051a10c3c73501dad4296dde97" score = 75 quality = 90 
@@ -38696,8 +38696,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Ced87Bd70B092Cb93B182Fac32655F6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7278-L7294" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7278-L7294" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4e2c967b9502d9009c61831f019ba19367b866e898ca1246a1099d75ad0eb4d5" score = 75 quality = 90 @@ -38721,8 +38721,8 @@ rule REVERSINGLABS_Cert_Blocklist_047801D5B55C800B48411Fd8C320Ca5B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7296-L7312" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7296-L7312" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ef26b4e3c658f53f3048d10bd1b7a2a198cd402e1b7c60e84adadb4f236ccb5d" score = 75 quality = 90 
@@ -38746,8 +38746,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F0Ed5318848703405D40F7C62D0F39A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7314-L7330" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7314-L7330" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "484932ddfe614fd5ab22361ab281cda62803c98279f938aa5237237fae6a95d6" score = 75 quality = 90 @@ -38771,8 +38771,8 @@ rule REVERSINGLABS_Cert_Blocklist_4E7545C9Fc5938F5198Ab9F1749Ca31C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7332-L7348" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7332-L7348" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f6be57eb6744ad6d239a0a2cc1ec8c39c9dfd4e4eeb3be9e699516c259f617f0" score = 75 quality = 90 
@@ -38796,8 +38796,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Ddd3796A427B42F2E52D7C7Af0Ca54F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7350-L7366" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7350-L7366" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "804ab8c44e5d97d8e14f852d61094e90d1e3ace66316781e9e79ab46fc7db8e7" score = 75 quality = 90 @@ -38821,8 +38821,8 @@ rule REVERSINGLABS_Cert_Blocklist_03B27D7F4Ee21A462A064A17Eef70D6C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7368-L7384" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7368-L7384" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b303751e354c346f73368de94b66a960dd12efa0730d2ab14af743810669ac81" score = 75 quality = 90 
@@ -38846,8 +38846,8 @@ rule REVERSINGLABS_Cert_Blocklist_B0A308Fc2E71Ac4Ac40677B9C27Ccbad : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7386-L7404" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7386-L7404" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "21fd7625399c939b6d03100b731709616d206a3811197af2b86991be9d89b4eb" score = 75 quality = 90 @@ -38871,8 +38871,8 @@ rule REVERSINGLABS_Cert_Blocklist_61B11Ef9726Ab2E78132E01Bd791B336 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7406-L7422" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7406-L7422" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1a8e72f31039a5a5602d0314f017a2596a23e4a796dc66167dfefc0c9790e3e3" score = 75 quality = 90 
@@ -38896,8 +38896,8 @@ rule REVERSINGLABS_Cert_Blocklist_8Fe807310D98357A59382090634B93F0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7424-L7442" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7424-L7442" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0ec56bd4783c854efef863050ff729fd99efa98b7b19e04e56a080ee3e75cd90" score = 75 quality = 90 @@ -38921,8 +38921,8 @@ rule REVERSINGLABS_Cert_Blocklist_B97F66Bb221772Dc07Ef1D4Bed8F6085 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7444-L7462" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7444-L7462" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "794dc27ff9b2588d3f2c31cdb83e53616c604aa41da7d8c895034e1cf9da5dd8" score = 75 quality = 90 
@@ -38946,8 +38946,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fed006Fbf85Cd1C6Ba6B4345B198E1E6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7464-L7482" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7464-L7482" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0360c6760f1018f9388ef5639ab2306879134f33da12677f954fa31b8a71aa16" score = 75 quality = 90 @@ -38971,8 +38971,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aa28C9Bd16D9D304F18Af223B27Bfa1E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7484-L7502" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7484-L7502" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "feaa8d645eea46c7cbbba4ba86c92184df7515a50f1f905ab818c59079a0c96a" score = 75 quality = 90 
@@ -38996,8 +38996,8 @@ rule REVERSINGLABS_Cert_Blocklist_19Beff8A6C129663E5E8C18953Dc1F67 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7504-L7520" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7504-L7520" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0ec031c781ebad7447cfc53ce791aacc8f24e38f039c84e2ee547de64729ae76" score = 75 quality = 90 @@ -39021,8 +39021,8 @@ rule REVERSINGLABS_Cert_Blocklist_029685Cda1C8233D2409A31206F78F9F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7522-L7538" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7522-L7538" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d541ce73e5039541ea221f27cc4d033f0c477e41a148206c26cc39ae07c4caaa" score = 75 quality = 90 
@@ -39046,8 +39046,8 @@ rule REVERSINGLABS_Cert_Blocklist_D609B6C95428954A999A8A99D4F198Af : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7540-L7558" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7540-L7558" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a124f80d599051ecd7c17e6818d181ea018db14c9f0514bbcc5b677ba3656d65" score = 75 quality = 90 @@ -39071,8 +39071,8 @@ rule REVERSINGLABS_Cert_Blocklist_D3356318924C8C42959Bf1D1574E6482 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7560-L7578" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7560-L7578" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a672054a776d0715fc888578bcb559d24ef54b4c523f7d49a39ded2586c3140a" score = 75 quality = 90 
@@ -39096,8 +39096,8 @@ rule REVERSINGLABS_Cert_Blocklist_31D852F5Fca1A5966B5Ed08A14825C54 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7580-L7596" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7580-L7596" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8c98b856d53e6862e94042bb133f5739bddcec2e208e43961b23e244584c6ee4" score = 75 quality = 90 @@ -39121,8 +39121,8 @@ rule REVERSINGLABS_Cert_Blocklist_17D99Cc2F5B29522D422332E681F3E18 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7598-L7614" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7598-L7614" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "55cc1634cdc5209d68b98fdb0d9e97e0a34346cdcb10f243d13217cda01195f1" score = 75 quality = 90 
@@ -39146,8 +39146,8 @@ rule REVERSINGLABS_Cert_Blocklist_6A568F85De2061F67Ded98707D4988Df : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7616-L7632" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7616-L7632" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "793be308a4df55c3b325e1ee3185159c4155f6dfabc311216d3763bd43680bd4" score = 75 quality = 90 @@ -39171,8 +39171,8 @@ rule REVERSINGLABS_Cert_Blocklist_038Fc745523B41B40D653B83Aa381B80 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7634-L7650" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7634-L7650" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "016ca6dcb5c7c56c80e4486b84d97fb3869a959ef3e8392e4376a0a0de06092f" score = 75 quality = 90 
@@ -39196,8 +39196,8 @@ rule REVERSINGLABS_Cert_Blocklist_30Af0D0E6D8201A5369664C5Ebbb010F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7652-L7668" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7652-L7668" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "018e5a0fbeeaded2569b83e2f91230e0055a5ffa2059b7a064a5c2eda55ed2de" score = 75 quality = 90 @@ -39221,8 +39221,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ac0A7B9420B369Af3Ddb748385B981 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7670-L7688" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7670-L7688" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2bc31eaa64be487cb85873a64b7462d90d1c28839def070ce5db7ae555383421" score = 75 quality = 90 
@@ -39246,8 +39246,8 @@ rule REVERSINGLABS_Cert_Blocklist_C167F04B338B1E8747B92C2197403C43 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7690-L7708" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7690-L7708" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8e0a11efc739baefe23a3d77e4eefc9dc23c74821c91fc219822dbc5dbb468b1" score = 75 quality = 90 @@ -39271,8 +39271,8 @@ rule REVERSINGLABS_Cert_Blocklist_9272607Cfc982B782A5D36C4B78F5E7B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7710-L7728" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7710-L7728" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2b1d6f27fb513542589a5c9011e501a9d298282bba6882eac0fc7bf3e6ebb291" score = 75 quality = 90 
@@ -39296,8 +39296,8 @@ rule REVERSINGLABS_Cert_Blocklist_45Eb9187A2505D8E6C842E6D366Ad0C8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7730-L7746" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7730-L7746" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4ae755e814ae2488d4bd6b8136ab6d78e4809a2ddacb7f88cf1d2b64c1488898" score = 75 quality = 90 @@ -39321,8 +39321,8 @@ rule REVERSINGLABS_Cert_Blocklist_56Fff139Df5Ae7E788E5D72196Dd563A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7748-L7764" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7748-L7764" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4b58c83901605d8b43519f1bc2d4ac8dc10c794f027681378b2bee2a8ff81604" score = 75 quality = 90 
@@ -39346,8 +39346,8 @@ rule REVERSINGLABS_Cert_Blocklist_E161F76Da3B5E4623892C8E6Fda1Ea3D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7766-L7784" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7766-L7784" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "883545593b48aa11c11f7fa1a1f77c62321ea86067f1ed108dcd00c8c6cd3495" score = 75 quality = 90 @@ -39371,8 +39371,8 @@ rule REVERSINGLABS_Cert_Blocklist_9Ae5B177Ac3A7Ce2Aadf1C891B574924 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7786-L7804" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7786-L7804" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "03ac299459a1aaf2e4a2e62884cd321e16100fee78b4b0e271acdd8a4e32525c" score = 75 quality = 90 
@@ -39396,8 +39396,8 @@ rule REVERSINGLABS_Cert_Blocklist_A03Ea3A4Fa772B17037A0B80F1F968Aa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7806-L7824" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7806-L7824" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e2044c6ddb80f3add13dfc3b623d0460ce8e9a66c5a98582f80d906edbbbd829" score = 75 quality = 90 @@ -39421,8 +39421,8 @@ rule REVERSINGLABS_Cert_Blocklist_333Ca7D100B139B0D9C1A97Cb458E226 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7826-L7842" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7826-L7842" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b3a31a54132fd8ca2c11b7806503207a4197f16af78693387bac56879b5e1448" score = 75 quality = 90 
@@ -39446,8 +39446,8 @@ rule REVERSINGLABS_Cert_Blocklist_9245D1511923F541844Faa3C6Bfebcbe : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7844-L7862" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7844-L7862" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b965e897b42c39841e663cc144cf6e4a81fc9bcb64ce3a15a7ca021e95866b08" score = 75 quality = 90 @@ -39471,8 +39471,8 @@ rule REVERSINGLABS_Cert_Blocklist_2888Cf0F953A4A3640Ee4Cfc6304D9D4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7864-L7880" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7864-L7880" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a9ee8534d89b8ac8705bb1777718513a28e4531ed398f482f46a72f2760af161" score = 75 quality = 90 
@@ -39496,8 +39496,8 @@ rule REVERSINGLABS_Cert_Blocklist_C8Edcfe8Be174C2F204D858C5B91Dea5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7882-L7900" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7882-L7900" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b3e6927abfce69548374bfd430a3ae3a1c5a8d05f0f40e43091b4d12025c5b1a" score = 75 quality = 90 @@ -39521,8 +39521,8 @@ rule REVERSINGLABS_Cert_Blocklist_9Faf8705A3Eaef9340800Cc4Fd38597C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7902-L7920" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7902-L7920" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "66a340f169e401705ba229d2d4548cef1a57bf1d2d320b108d12b2049b063b92" score = 75 quality = 90 
@@ -39546,8 +39546,8 @@ rule REVERSINGLABS_Cert_Blocklist_0940Fa9A4080F35052B2077333769C2F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7922-L7938" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7922-L7938" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "45636ea33751fea61572539fe6f28bccd05df9b6b9e7f2d77bb738f7c69c53a2" score = 75 quality = 90 @@ -39571,8 +39571,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ea720222D92Dc8D48E3B3C3B0Fc360A6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7940-L7958" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7940-L7958" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c60e1ccf178f03f930a3bc41e9a92be20df0362f067ed1fcfc7c93627a056d75" score = 75 quality = 90 
@@ -39596,8 +39596,8 @@ rule REVERSINGLABS_Cert_Blocklist_4743E140C05B33F0449023946Bd05Acb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7960-L7976" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7960-L7976" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "69ce1512d7df4926ee2b470b18fbe51a2aa81e07b37b2536617d6353045e0d19" score = 75 quality = 90 @@ -39621,8 +39621,8 @@ rule REVERSINGLABS_Cert_Blocklist_A496Bc774575C31Abec861B68C36Dcb6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7978-L7996" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7978-L7996" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f82214f982c9972e547f77966c44e935e9de701cc9108ceca34a4fede850d243" score = 75 quality = 90 
@@ -39646,8 +39646,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A55C15F733Bf1633E9Ffae8A6E3B37D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L7998-L8014" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L7998-L8014" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "89ca9f1c5cf0b029748528d8c5bb65f89ee05877bfdc13b4ce3d2d3e7feafb5d" score = 75 quality = 90 @@ -39671,8 +39671,8 @@ rule REVERSINGLABS_Cert_Blocklist_C650Ae531100A91389A7F030228B3095 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8016-L8034" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8016-L8034" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "186b66283491cfebcaade57b1010ce4304c08ddb131153984210c2c7025961aa" score = 75 quality = 90 
@@ -39696,8 +39696,8 @@ rule REVERSINGLABS_Cert_Blocklist_3990362C34015Ce4C23Ecc3377Fd3C06 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8036-L8052" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8036-L8052" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0625800fcb166b56cab2e16d0d757983a6f880b68627ed8c3c38419dd9a32999" score = 75 quality = 90 @@ -39721,8 +39721,8 @@ rule REVERSINGLABS_Cert_Blocklist_121Fca3Cfa4Bd011669F5Cc4E053Aa3F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8054-L8070" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8054-L8070" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1edd5be3f970202be15080cd7ef19c0cce7fcba73cb6120d7cb7d518e877cf85" score = 75 quality = 90 
@@ -39746,8 +39746,8 @@ rule REVERSINGLABS_Cert_Blocklist_D338F8A490E37E6C2Be80A0E349929Fa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8072-L8090" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8072-L8090" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "39d9695803e96508b5ad12a7d9f8b65d13288dbe94b21a4952e096dd576e11ce" score = 75 quality = 90 @@ -39771,8 +39771,8 @@ rule REVERSINGLABS_Cert_Blocklist_2C1Ee9B583310B5E34A1Ee6945A34B26 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8092-L8108" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8092-L8108" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7752e49e8848863d78c5de03c3d194498765d80da00a84c5164c7a9010d13474" score = 75 quality = 90 
@@ -39796,8 +39796,8 @@ rule REVERSINGLABS_Cert_Blocklist_D875B3E3F2Db6C3Eb426E24946066111 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8110-L8128" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8110-L8128" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "9e181271d46c828b9ec266331e077b3b4891a193c71173447da383fad91ae878" score = 75 quality = 90 @@ -39821,8 +39821,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ad0A958Cdf188Bed43154A54Bf23Afba : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8130-L8148" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8130-L8148" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "07e53e59f90aa3cd3a98dbca2627672606f6c6f8f3bda8456e32122463729c4b" score = 75 quality = 90 
@@ -39846,8 +39846,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Cee26C125B8C188F316C3Fa78D9C2F1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8150-L8166" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8150-L8166" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "5c64f8e40c31822ce8d2e34f96ccc977085e429f0c068a5f6b44099117837de1" score = 75 quality = 90 @@ -39871,8 +39871,8 @@ rule REVERSINGLABS_Cert_Blocklist_4C687A0022C36F89E253F91D1F6954E2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8168-L8184" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8168-L8184" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "287c0c7a25e33e0e7def6efa23dbd2efba7c4ac3aa8f5deb8568a60a95e08bbe" score = 75 quality = 90 
@@ -39896,8 +39896,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ca646B4275406Df639Cf603756F63D77 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8186-L8204" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8186-L8204" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a690e3f6a656835984e47d999271fe441a5fbf424208da8d5b3c9ddcef47b70e" score = 75 quality = 90 @@ -39921,8 +39921,8 @@ rule REVERSINGLABS_Cert_Blocklist_Addbec454B5479Cabd940A72Df4500Af : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8206-L8224" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8206-L8224" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "799629791646c524d170b900339b87474aed73b7156a8c4dd20f7c13cbe97929" score = 75 quality = 90 
@@ -39946,8 +39946,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ac307E5257Bb814B818D3633B630326F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8226-L8244" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8226-L8244" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "10819bd2194fface6db812f8c6770c306c183386d2d9ba97467a5b55fd997194" score = 75 quality = 90 @@ -39971,8 +39971,8 @@ rule REVERSINGLABS_Cert_Blocklist_0D83E7F47189Cdbfc7Fa3E5F58882329 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8246-L8262" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8246-L8262" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b344f9fd6d8378b7d77a34b14c5f37eea253f3d13a8eb0777925f195fb3cf502" score = 75 quality = 90 
@@ -39996,8 +39996,8 @@ rule REVERSINGLABS_Cert_Blocklist_58Aa64564A50E8B2D6E31D5Cd6250Fde : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8264-L8280" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8264-L8280" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f6b50ebf707b67650fe832d81c6fe8d2411cd83432ef94432d181db0c29aa48b" score = 75 quality = 90 @@ -40021,8 +40021,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Aa0Ae245B487C8926C88Ee6D736D1Ca : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8282-L8298" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8282-L8298" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "5a362175600552983ae838ca18aa378dc748b8b68bd8b67a9387794d983ed1a2" score = 75 quality = 90 
@@ -40046,8 +40046,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Aec3D3F752A38617C1D7A677D0B5591 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8300-L8316" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8300-L8316" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b299833a19944ca6943ba9c974ec95369c57cd61acc8b2e1b5310edd077762c2" score = 75 quality = 90 @@ -40071,8 +40071,8 @@ rule REVERSINGLABS_Cert_Blocklist_A7E1Dc5352C3852C5523030F57F2425C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8318-L8336" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8318-L8336" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "79c42c9a4eeeb69a62a16590e2b0b63818785509a40d543c7efe27ec6baaa19e" score = 75 quality = 90 
@@ -40096,8 +40096,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bbd4Dc3768A51Aa2B3059C1Bad569276 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8338-L8356" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8338-L8356" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f336570834e0663c6e589fa22b3541f4f79c40ff945dd91f1fd1258a96adeceb" score = 75 quality = 90 @@ -40121,8 +40121,8 @@ rule REVERSINGLABS_Cert_Blocklist_08622B9Dd9D78E67678Ecc21E026522E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8358-L8374" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8358-L8374" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "09507b09b035195b74434f56041588f67245fa097183228dffc612bb4901825b" score = 75 quality = 90 
@@ -40146,8 +40146,8 @@ rule REVERSINGLABS_Cert_Blocklist_E69A6De0074Ece38C2F30F0D4A808456 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8376-L8394" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8376-L8394" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "21d8641d2394120847044f0e6f4d868095a1e30c0b594a3d045877ab9b3808a1" score = 75 quality = 90 @@ -40171,8 +40171,8 @@ rule REVERSINGLABS_Cert_Blocklist_8385684419Ab26A3F2640B1496E1Fe94 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8396-L8414" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8396-L8414" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "24f75badc335160a8053a4c7e8bbd8ddbd3266c3a18059a937d5989df97ae9d9" score = 75 quality = 90 
@@ -40196,8 +40196,8 @@ rule REVERSINGLABS_Cert_Blocklist_21E3Cae5B77C41528658Ada08509C392 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8416-L8432" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8416-L8432" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2e24ed0bd0bf3c36cae4bf106a2c17386bfb58b76372068be9745c2d501f30fc" score = 75 quality = 90 @@ -40221,8 +40221,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Abd2Eef14D480Dfea9Ca9Fdd823Cf03 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8434-L8450" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8434-L8450" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2dfc220c44d3dda28a253e5115ae9a087b6ddbf1a7ca1e9bcae5bd9ac5b2e1a0" score = 75 quality = 90 
@@ -40246,8 +40246,8 @@ rule REVERSINGLABS_Cert_Blocklist_86909B91F07F9316984D888D1E28Ab76 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8452-L8470" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8452-L8470" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "abd84492ed008125688a53e20d51780fa0b8c2309dcf751ff76a03d6f337beaa" score = 75 quality = 90 @@ -40271,8 +40271,8 @@ rule REVERSINGLABS_Cert_Blocklist_D1B8F1Fe56381Befdb2E73Ffef2A4B28 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8472-L8490" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8472-L8490" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c118cb46914e7a6df8dd33dd14d5f9cf2692d98311503ec850cc66f02c20839e" score = 75 quality = 90 
@@ -40296,8 +40296,8 @@ rule REVERSINGLABS_Cert_Blocklist_D4Ef1Ab6Ab5D3Cb35E4Efb7984Def7A2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8492-L8510" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8492-L8510" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ecc2f6bfda1a0afd016f0a5183c0d1cdfe5d5e06c893a7d9a3d7cb7f9bc4bf16" score = 75 quality = 90 @@ -40321,8 +40321,8 @@ rule REVERSINGLABS_Cert_Blocklist_066276Af2F2C7E246D3B1Cab1B4Aa42E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8512-L8528" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8512-L8528" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "30d4fa2cbc75d3a6258cdf0374159f25ea152c39784f8b7e9c461978df865dc0" score = 75 quality = 90 
@@ -40346,8 +40346,8 @@ rule REVERSINGLABS_Cert_Blocklist_65Cd323C2483668B90A44A711D2A6B98 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8530-L8546" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8530-L8546" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "653aff6f3913f1bf51e90e7a835dbb5441457175797cefdddd234a6c2c0f11ad" score = 75 quality = 90 @@ -40371,8 +40371,8 @@ rule REVERSINGLABS_Cert_Blocklist_5A17D5De74Fd8F09Df596Df3123139Bb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8548-L8564" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8548-L8564" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7ed62740fe191d961ad32b2a79463cc9cbce557ea757e413860f7b4974904c03" score = 75 quality = 90 
@@ -40396,8 +40396,8 @@ rule REVERSINGLABS_Cert_Blocklist_15Da61D7E1A631803431561674Fb9B90 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8566-L8582" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8566-L8582" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "75d2c3b47fe9c863812f2c98fc565af9050b909a03528e2ea4a96542a3ec0c0d" score = 75 quality = 90 @@ -40421,8 +40421,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Ab21306B11Ff280A93Fc445876988Ab : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8584-L8600" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8584-L8600" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0cda954aa807336a6737716d0fa43d696376c240ab7be9d8477baf8800604bf1" score = 75 quality = 90 
@@ -40446,8 +40446,8 @@ rule REVERSINGLABS_Cert_Blocklist_634E16E38F12E9A71Aca08E4C6B2Dbb9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8602-L8618" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8602-L8618" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "08950f276e5cf3fe4b5f7421ba671dfd72585aac3bbed7868fdb0e5aa90ec10e" score = 75 quality = 90 @@ -40471,8 +40471,8 @@ rule REVERSINGLABS_Cert_Blocklist_289051A83F350A2C600187C99B6C0A73 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8620-L8636" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8620-L8636" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "cd5d6f95f0cfdbf8d37ea78d061ce00512b6cb7c899152b1640673494d539dd1" score = 75 quality = 90 
@@ -40496,8 +40496,8 @@ rule REVERSINGLABS_Cert_Blocklist_818631110B5D14331Dac7E6Ad998B902 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8638-L8656" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8638-L8656" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "5e0de3848adf933632c2eb8cf5ead61d6470237386ba8b48d57a278d99dba324" score = 75 quality = 90 @@ -40521,8 +40521,8 @@ rule REVERSINGLABS_Cert_Blocklist_277Cd16De5D61B9398B645Afe41C09C7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8658-L8674" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8658-L8674" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "696467d699dec060b205f36f53dbe157b241823757d72798b35235d6530fd193" score = 75 quality = 90 
@@ -40546,8 +40546,8 @@ rule REVERSINGLABS_Cert_Blocklist_D0Eda76C13D30C97015708790Bb94214 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8676-L8694" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8676-L8694" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2112ebfb7c9ebbbccb20cefcd23bb49142da770feb16ee8eef5eb27646226785" score = 75 quality = 90 @@ -40571,8 +40571,8 @@ rule REVERSINGLABS_Cert_Blocklist_6333Ed618F88A05B4D82Ad7Bf66Cb0Fa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8696-L8712" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8696-L8712" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b088ac4b74a8cf3dddb67c8de2b7c3c5f537287a0454c0030c0eb4069c465c7d" score = 75 quality = 90 
@@ -40596,8 +40596,8 @@ rule REVERSINGLABS_Cert_Blocklist_3B777165B125Bccc181D0Bac3F5B55B3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8714-L8730" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8714-L8730" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "80aff3d6f45f5847d5d39b170b9d0e70168d02569ca6d86a2c39150399d290fc" score = 75 quality = 90 @@ -40621,8 +40621,8 @@ rule REVERSINGLABS_Cert_Blocklist_5B37Ac3479283B6F9D75Ddf0F8742D06 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8732-L8748" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8732-L8748" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b7abd389ac31cd970e6611c7c303714fdd658f45d4857ad524f5e8368edbb875" score = 75 quality = 90 
@@ -40646,8 +40646,8 @@ rule REVERSINGLABS_Cert_Blocklist_3112C69D460C781Fd649C71E61Bfec82 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8750-L8766" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8750-L8766" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ed31b0a24d18a451163867f0f49df12af3ca0768f250ac8ce66d41405393130d" score = 75 quality = 90 @@ -40671,8 +40671,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A5B4F67Ad8B22Afc2Debe6Ce5F8F679 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8768-L8784" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8768-L8784" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "938efb7ee19970484aded5cd46b2ff730f8882706bec3f062bdebde3cc9a4799" score = 75 quality = 90 
@@ -40696,8 +40696,8 @@ rule REVERSINGLABS_Cert_Blocklist_Df45B36C9D0Bd248C3F9494E7Ca822 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8786-L8804" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8786-L8804" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "9c03522376b0d807cd36a0641e474d770bc3b4f8221f26d232878d2d320d072b" score = 75 quality = 90 @@ -40721,8 +40721,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Ae3C4Eccecda2127D43Be390A850Dda : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8806-L8822" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8806-L8822" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8a2ff4f7a5ac996127778b1670e79291bddcb5dee6e7da2b540fd254537ee27e" score = 75 quality = 90 
@@ -40746,8 +40746,8 @@ rule REVERSINGLABS_Cert_Blocklist_2E36360538624C9B1Afd78A2Fb756028 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8824-L8840" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8824-L8840" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "9cbb50c7d383048fd506506fa9ee8bf7c6d82feaf21bcde4008ab99b82e234a7" score = 75 quality = 90 @@ -40771,8 +40771,8 @@ rule REVERSINGLABS_Cert_Blocklist_Addb899F8229Fd53E6435E08Bbd3A733 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8842-L8860" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8842-L8860" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ecb8e31b8c56b92cef601618e0adc2f6d88999318805b92389693aa9e8050d18" score = 75 quality = 90 
@@ -40796,8 +40796,8 @@ rule REVERSINGLABS_Cert_Blocklist_C1A1Db95D7Bf80290Aa6E82D8F8F996A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8862-L8880" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8862-L8880" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "84c7c0e53facadcdfd752e9cf3811fbfd6aac4bef4109acf430a67b6dcd37bfc" score = 75 quality = 90 @@ -40821,8 +40821,8 @@ rule REVERSINGLABS_Cert_Blocklist_C667Ffe3A5B0A5Ae7Cf3A9E41682E91B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8882-L8900" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8882-L8900" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "be2cd688f2d7c458ee764bd7a7250e0116328702db5585b444d631f05cdc701b" score = 75 quality = 90 
@@ -40846,8 +40846,8 @@ rule REVERSINGLABS_Cert_Blocklist_E0A83917660D05Cf476374659D3C7B85 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8902-L8920" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8902-L8920" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f60753ecb775d664e07e78611568799eaf06fb4742bcef3bf0c28202daf98c50" score = 75 quality = 90 @@ -40871,8 +40871,8 @@ rule REVERSINGLABS_Cert_Blocklist_Afc5522898143Aafaab7Fd52304Cf00C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8922-L8940" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8922-L8940" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "bfcf2fbbd9be97202eeb44c0f81f0a0713d4d30c466f2b170231c7f9df0e9e6d" score = 75 quality = 90 
@@ -40896,8 +40896,8 @@ rule REVERSINGLABS_Cert_Blocklist_8B3333D32B2C2A1D33B41Ba5Db9D4D2D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8942-L8960" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8942-L8960" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "cdb3f1983ed17df22d17c6321bc2ead2c391d70fdca4a9f6f4784f62196b85d0" score = 75 quality = 90 @@ -40921,8 +40921,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fbb1198Bd8Bddb0D693Eb72A8613Fe3F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8962-L8980" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8962-L8980" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2e004116d0f8df5a625b190127655926336fc74b4cce4ae40cd516a135e5d719" score = 75 quality = 90 
@@ -40946,8 +40946,8 @@ rule REVERSINGLABS_Cert_Blocklist_846F77D9919Fc4405Aefe1701309Bd67 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L8982-L9000" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L8982-L9000" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6739049a61183d506daf9aaf44a3b15cbf2234c6af307ec95bc07fa3d8501105" score = 75 quality = 90 @@ -40971,8 +40971,8 @@ rule REVERSINGLABS_Cert_Blocklist_0939C2Bad859C0432E8E98A6C0162C02 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9002-L9018" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9002-L9018" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3c48241e52e58600bfa0385742831dba59d9cbd959cd6853fe8e030f5df79c23" score = 75 quality = 90 
@@ -40996,8 +40996,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Fba0E19919Ac50D700Ba60250D02C8B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9020-L9036" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9020-L9036" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8c803111df930056bdc3ef7560f07bf4d255b93286d01ecc55f790e72565ba5d" score = 75 quality = 90 @@ -41021,8 +41021,8 @@ rule REVERSINGLABS_Cert_Blocklist_A758504E7971869D0Aec2775Fffa03D5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9038-L9056" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9038-L9056" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "dcb1ac4c7dcbebd0a432515da82e4a97be6c6c2a54f9d642aa8c1a2bcbdce5de" score = 75 quality = 90 
@@ -41046,8 +41046,8 @@ rule REVERSINGLABS_Cert_Blocklist_37A67Cf754Ee5Ae284B4Cf8B9D651604 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9058-L9074" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9058-L9074" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "22cb71eebbb212a4436847c11c7ca9cefaf118086b024014c12498a6a5953af5" score = 75 quality = 90 @@ -41071,8 +41071,8 @@ rule REVERSINGLABS_Cert_Blocklist_119Acead668Bad57A48B4F42F294F8F0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9076-L9092" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9076-L9092" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "61c49c60fc4fd5d654a6376fcee43e986a5351f085a5652a3c8888774557e053" score = 75 quality = 90 
@@ -41096,8 +41096,8 @@ rule REVERSINGLABS_Cert_Blocklist_7A6D30A6Eb2Fa0C3369283725704Ac4C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9094-L9110" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9094-L9110" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "788abb53ed7974d87c1b1bdbe31dcd3e852ea64745d94780d78d1217ee0206fe" score = 75 quality = 90 @@ -41121,8 +41121,8 @@ rule REVERSINGLABS_Cert_Blocklist_670C3494206B9F0C18714Fdcffaaa42F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9112-L9128" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9112-L9128" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3b1e244b5f543a05beb2475020aa20dfc723f4dce3a5a0a963db1672d3295721" score = 75 quality = 90 
@@ -41146,8 +41146,8 @@ rule REVERSINGLABS_Cert_Blocklist_0E8Aa328Af207Ce8Bcae1Dc15C626188 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9130-L9146" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9130-L9146" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4022abb8efbda944e35ff529c5b3b3c9f6370127a945f3eec1310149bb5d06e4" score = 75 quality = 90 @@ -41171,8 +41171,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cfad6Be1D823B4Eacb803B720F525A7D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9148-L9166" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9148-L9166" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d8005774e6011d8198039a6588834cd0b13dd728103b63c3ea8b6e0dc3878f05" score = 75 quality = 90 
@@ -41196,8 +41196,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Ebcb54B7E0E6410B28610De0743D4Dd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9168-L9184" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9168-L9184" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c9444ff9e13192bf300afac12554bc4cc2defb37bb5b57906b6163db378c515a" score = 75 quality = 90 @@ -41221,8 +41221,8 @@ rule REVERSINGLABS_Cert_Blocklist_01106Cc293772Ca905A2B6Eff02Bf0F5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9186-L9202" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9186-L9202" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "81e19c06de4546a2cee974230ef7aa15291f20f2e6b6f89c9b12107c26836b5e" score = 75 quality = 90 
@@ -41246,8 +41246,8 @@ rule REVERSINGLABS_Cert_Blocklist_05Bb162F6Efe852B7Bd4712Fd737A61E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9204-L9220" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9204-L9220" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d2fcbce0826c1478338827376d2c7869e5b38dc6d5e737a2f986600c6f71b1e6" score = 75 quality = 90 @@ -41271,8 +41271,8 @@ rule REVERSINGLABS_Cert_Blocklist_6171990Ba1C8E71049Ebb296A35Bd160 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9222-L9238" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9222-L9238" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e922bb850b7c5c70db80e6a2b99310eac48d3b10b94a7259899facd681916bfa" score = 75 quality = 90 
@@ -41296,8 +41296,8 @@ rule REVERSINGLABS_Cert_Blocklist_2114Ca3Bd2Afd63D7Fa29D744992B043 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9240-L9256" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9240-L9256" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "241fe5a9f233fa36a665d22b38fd360bee21bc9832c15ac9c9d9b17adc3bb306" score = 75 quality = 90 @@ -41321,8 +41321,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Aaa62208A3A78Bfac1443007D031E61 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9258-L9274" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9258-L9274" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7ba7f69514230fe636efc0a12fb9ac489a5a80ca1f5bcdb050dd30ee8f69659c" score = 75 quality = 90 
@@ -41346,8 +41346,8 @@ rule REVERSINGLABS_Cert_Blocklist_09450B8F73Ea43E39D2Cdd56049Dbe40 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9276-L9292" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9276-L9292" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "22b344b8befc00b0154d225603c81c6058399770f54cb6a09d0f7908c5c8188c" score = 75 quality = 90 @@ -41371,8 +41371,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Efd9Bd4B4281C6522D96011Df46C9C4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9294-L9310" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9294-L9310" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8f8a5e3457c05c5e70e33041c5b0b971cf8f19313d47055fd760ed17d94c8794" score = 75 quality = 90 
@@ -41396,8 +41396,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Dd7D4A785990584D8C0837659173272 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9312-L9328" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9312-L9328" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d18a479f07f2bdb890437e2bcb0213abdfb0eb684cdaf17c5eb0583039f2edb4" score = 75 quality = 90 @@ -41421,8 +41421,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C59D46580F039Af2C4Ab6Ba0Ffed197 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9330-L9346" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9330-L9346" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "32eea2a436f386ef44a00ef72be8be7d4070b02f84ba71c7ee1ca407fddce8ec" score = 75 quality = 90 
@@ -41446,8 +41446,8 @@ rule REVERSINGLABS_Cert_Blocklist_0448Ec8D26597F99912138500Cc41C1B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9348-L9364" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9348-L9364" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "001556c31cfb0d94978adc48dc0d24c83666512348c65508975cc9e1a119aeae" score = 75 quality = 90 @@ -41471,8 +41471,8 @@ rule REVERSINGLABS_Cert_Blocklist_0108Cbaee60728F5Bf06E45A56D6F170 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9366-L9382" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9366-L9382" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "52027548e20c819e73ea5e9afd87faaca4498bc39e54dd30ad99a24e3ace57fd" score = 75 quality = 90 
@@ -41496,8 +41496,8 @@ rule REVERSINGLABS_Cert_Blocklist_038D56A12153E8B5C74C69Bff65Cbe3F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9384-L9400" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9384-L9400" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ed3a81231f93f9d2ae462481503ba37072c3800dd1379baae11737f093a27af1" score = 75 quality = 90 @@ -41521,8 +41521,8 @@ rule REVERSINGLABS_Cert_Blocklist_060D94E2Ccae84536654D9Daf39Fef1E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9402-L9418" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9402-L9418" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "49000f3a3ce1ad9aef87162d7527b8f062e0aa12276b82c7335f0ccc14b7d38a" score = 75 quality = 90 
@@ -41546,8 +41546,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Bc9B800F480691Bd6B60963466B0C75 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9420-L9436" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9420-L9436" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6a498fd30c611976e9aad2f9b85b13c3c29246582cdfefc800615db88e40dac2" score = 75 quality = 90 @@ -41571,8 +41571,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C4324Ff41F0A7B16Ffcc93Dffa8Fa99 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9438-L9454" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9438-L9454" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d3ce83fb0497c533a5474d46300c341677ec243686723783798bfbaec4f6e369" score = 75 quality = 90 
@@ -41596,8 +41596,8 @@ rule REVERSINGLABS_Cert_Blocklist_0B980Fc8783E4F158E41829Ab21Bab81 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9456-L9472" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9456-L9472" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b0f43caec1cfc5b2d1512d7fcf0bcf1e02fc81764b4376b081f38c4de328eab2" score = 75 quality = 90 @@ -41621,8 +41621,8 @@ rule REVERSINGLABS_Cert_Blocklist_D8F515715Aeffef0A0E4E37F16C254Fa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9474-L9492" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9474-L9492" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3c7d57a655f76a6e5ef6b0e770db7c91d0830b6b0b37caef5ef9e3e78ad1fd75" score = 75 quality = 90 
@@ -41646,8 +41646,8 @@ rule REVERSINGLABS_Cert_Blocklist_D79739187C585E453C00Afc11D77B523 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9494-L9512" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9494-L9512" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6d6db87227d7be559afa67c4f2b65b01f26741fdf337d920241a633bb036426f" score = 75 quality = 90 @@ -41671,8 +41671,8 @@ rule REVERSINGLABS_Cert_Blocklist_961Cecb0227845317549E9343A980E91 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9514-L9532" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9514-L9532" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c74512e95e2d6aedecb1dbd30fac6fde40d1e9520c89b785519694d9bc9ba854" score = 75 quality = 90 
@@ -41696,8 +41696,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Ef6392B2993A6F67578299659467Ea8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9534-L9550" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9534-L9550" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f6b454a575ea7635d5edebffe3c9c83e95312ee33245e733987532348258733e" score = 75 quality = 90 @@ -41721,8 +41721,8 @@ rule REVERSINGLABS_Cert_Blocklist_A918455C0D4Da7Ca474F41F11A7Cf38C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9552-L9570" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9552-L9570" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ea30d85c057f9363ce29d4c024097c50a8752dd2095481181322fe5d5c92bb4b" score = 75 quality = 90 
@@ -41746,8 +41746,8 @@ rule REVERSINGLABS_Cert_Blocklist_936Bc256D2057Ca9B9Ec3034C3Ed0Ee6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9572-L9590" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9572-L9590" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7e90c29bcfe4632e70b61a0cf2ab48a3de986bd5c6c730f64a363f4f3d79a3f4" score = 75 quality = 90 @@ -41771,8 +41771,8 @@ rule REVERSINGLABS_Cert_Blocklist_Afe8Fee94B41422E01E4897Bcd52D0A4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9592-L9610" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9592-L9610" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "02c55b182bc9843334baed9c0a7cca2c88cd1de00ca9b47b10ec79b7a5acf9bb" score = 75 quality = 90 
@@ -41796,8 +41796,8 @@ rule REVERSINGLABS_Cert_Blocklist_718E89Ddb33257Ea77Ba74Be7F2Baf1D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9612-L9628" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9612-L9628" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2f0defa1e1d905d937677e96f2a0955d9737f6976596932cc093fdecfea3fdb0" score = 75 quality = 90 @@ -41821,8 +41821,8 @@ rule REVERSINGLABS_Cert_Blocklist_4D3E38F4Aebbc32257450726B29Be117 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9630-L9646" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9630-L9646" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f618547942fcd9b3d1104cb5bedeecec8596fa7cc34bca838b6120085b305d73" score = 75 quality = 90 
@@ -41846,8 +41846,8 @@ rule REVERSINGLABS_Cert_Blocklist_8F4C49Dae1F1Ff0Ebe9104C6F73242Bd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9648-L9666" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9648-L9666" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a8c99cc30b791a76fe3cd48184bf95ee47abb30bd200128efd2f5295ee18f7b1" score = 75 quality = 90 @@ -41871,8 +41871,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ac3C05F1Cb9453De8E7110F589Fb32C0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9668-L9686" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9668-L9686" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6328fd5dbb497c69ddc9151f85754669760b709ecbff3e8f320a40a62ca0dd2c" score = 75 quality = 90 
@@ -41896,8 +41896,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fbb96A90B6718810311767Ca25Ab1E48 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9688-L9706" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9688-L9706" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "431e3364a42b272d9b71b92dee44cc185ef034a45a0b72bbda82cf7e9b29c355" score = 75 quality = 90 @@ -41921,8 +41921,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cfd38423Aef875A10B16644D058297E2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9708-L9726" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9708-L9726" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a2f67cbf31c9db2891892c31a7ed4ce7eccd834bfb10ae70f58e46f8e68e7c17" score = 75 quality = 90 
@@ -41946,8 +41946,8 @@ rule REVERSINGLABS_Cert_Blocklist_E6C05C5A2222Bf92818324A3A7374Ad3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9728-L9746" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9728-L9746" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "bea8fea49144abc109e33a5964bb8e113aa61b4cd70c72a43183cb0840429571" score = 75 quality = 90 @@ -41971,8 +41971,8 @@ rule REVERSINGLABS_Cert_Blocklist_75Ce08Bdbad44123299Dbe9D7C1D20De : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9748-L9764" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9748-L9764" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8ba66ab55f9a6755e11a7f39152aa26917271c7f6bc5ffdb42d07ad791fb47d7" score = 75 quality = 90 
@@ -41996,8 +41996,8 @@ rule REVERSINGLABS_Cert_Blocklist_333705C20B56E57F60B5Eb191Eef0D90 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9766-L9782" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9766-L9782" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "30eeec467b837f6b1759cd0fd6a8bc2e8942f2400df170c671287f4159652479" score = 75 quality = 90 @@ -42021,8 +42021,8 @@ rule REVERSINGLABS_Cert_Blocklist_A2A0Ba281262Acce7A00119E25564386 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9784-L9802" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9784-L9802" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f5e3c16f6caaf5f3152d90dc48895d0bbcdb296c368beeebb96157f03a8ded40" score = 75 quality = 90 
@@ -42046,8 +42046,8 @@ rule REVERSINGLABS_Cert_Blocklist_338483Cc174C16Ebc454A3803Ffd4217 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9804-L9820" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9804-L9820" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7d7dd55eaab15cf458e5e57f0e5fbebdcc9313aee05394310a5cf9d9b4def153" score = 75 quality = 90 @@ -42071,8 +42071,8 @@ rule REVERSINGLABS_Cert_Blocklist_Be89936C26Cd0D845074F6B7B47F480C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9822-L9840" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9822-L9840" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "348df24620bfe6322c410cb593f5caad67492b0b5af234ee89b0411beb4b48f9" score = 75 quality = 90 
@@ -42096,8 +42096,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F20A5155E53Ce20Bb644F646Ed6A2Fd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9842-L9858" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9842-L9858" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "70d57f2c24d4ae6f17339bfb998589a3b10f5dd4b19ac8a5bc99e082145c4ed0" score = 75 quality = 90 @@ -42121,8 +42121,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ea734E1Dfb6E69Ed2Bc55E513Bf95B5E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9860-L9878" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9860-L9878" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a18d1c1e5e22c1aa041a4b2d23d2aefcbedbd3517a079d578e1a143ecadb4533" score = 75 quality = 90 
@@ -42146,8 +42146,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ba67B0De51Ebb9B1179804E75357Ab26 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9880-L9898" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9880-L9898" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "69b9012fc4ab9636d159de49ff452f054030c1157cf70a95512b2a0748dad7c0" score = 75 quality = 90 @@ -42171,8 +42171,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cff2B275Ba8A1Dde83Ac7Ff858399A62 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9900-L9918" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9900-L9918" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d37e1d94048339a86b8fa173d3ab753fc5e79329b73df9fda5815cd622c57745" score = 75 quality = 90 
@@ -42196,8 +42196,8 @@ rule REVERSINGLABS_Cert_Blocklist_D22E026C5B5966F1Cf6Ef00A7C06682E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9920-L9938" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9920-L9938" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "33a05d46b40ffdf49bfa5facca41ebdf6bedcabc1cb1f5b9bf2d043ad1c869b0" score = 75 quality = 90 @@ -42221,8 +42221,8 @@ rule REVERSINGLABS_Cert_Blocklist_3054F940C931Bad7B238A24376C6A5Cc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9940-L9956" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9940-L9956" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "21c8e8f10d1e4b9eb917c86ac868de2afcd5776a9c1d59149df1d07d8c3e14b9" score = 75 quality = 90 
@@ -42246,8 +42246,8 @@ rule REVERSINGLABS_Cert_Blocklist_A617E23D6Ca8F34E2F7413Cd299Fc72B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9958-L9976" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9958-L9976" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f307a0b598f0876c003aa43db50e024698b6f93931e626c085f98553c14ec2ae" score = 75 quality = 90 @@ -42271,8 +42271,8 @@ rule REVERSINGLABS_Cert_Blocklist_387Eeb89B8Bf626Bbf4C7C9F5B998B40 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9978-L9994" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9978-L9994" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2377eeb5316d25752443735e78d0ad7de398a2677f5a0fd45fd6e6c87720d49b" score = 75 quality = 90 
@@ -42296,8 +42296,8 @@ rule REVERSINGLABS_Cert_Blocklist_292Eb1133507F42E6F36C5549C189D5E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L9996-L10012" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L9996-L10012" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "bc3ef217455b74900cae114d25b02325d2bef25c11873342df1dd2369cbce76a" score = 75 quality = 90 @@ -42321,8 +42321,8 @@ rule REVERSINGLABS_Cert_Blocklist_5Fbf16A33D26390A15F046C310030Cf0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10014-L10030" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10014-L10030" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "24bee3563e0867ef6702e7f57bbce7075f766410650ae5ce1e2e8c7b14a3eaca" score = 75 quality = 90 
@@ -42346,8 +42346,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F007898Afcba5F8Af8Ae65D01803617 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10032-L10048"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10032-L10048"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "27610bb3bf069991803611474abf44a3bf82fc9283d0412a1c24ae46a3f5352e"
 score = 75
 quality = 90
@@ -42371,8 +42371,8 @@ rule REVERSINGLABS_Cert_Blocklist_E55Be88Ddbd93C423220468D430905Dd : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10050-L10068"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10050-L10068"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "05b2f297454e7080591b85991b224193eb89fc5074eb3c2e484ceadad2de4cb7"
 score = 75
 quality = 90
@@ -42396,8 +42396,8 @@ rule REVERSINGLABS_Cert_Blocklist_06Bcb74291D96096577Bdb1E165Dce85 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10070-L10086"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10070-L10086"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "00b7ff8f3cbc04c48c71433c384d7a7884b856f261850e33ea4413a12cf5a1b5"
 score = 75
 quality = 90
@@ -42421,8 +42421,8 @@ rule REVERSINGLABS_Cert_Blocklist_C8442A8185082Ef1Ed7Dc3Fff2176Aa7 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10088-L10106"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10088-L10106"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "74b1b48f0179187ea7bb8ef4663bf13da47f5c6405ecc5589706184564c05727"
 score = 75
 quality = 90
@@ -42446,8 +42446,8 @@ rule REVERSINGLABS_Cert_Blocklist_0406C4A1521A38C8D0C4Aa214388E4Dc : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10108-L10124"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10108-L10124"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "f6780751ae553771eb57201a8672847a24512e6279b6a4fd843d8ee2f326860a"
 score = 75
 quality = 90
@@ -42471,8 +42471,8 @@ rule REVERSINGLABS_Cert_Blocklist_12705Fb66Bc22C68372A1C4E5Fa662E2 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10126-L10142"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10126-L10142"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "f10316a26e2d34400b7c2e403eab18ab6c1cc94b35f0ac8a3f490d101d29dc8d"
 score = 75
 quality = 90
@@ -42496,8 +42496,8 @@ rule REVERSINGLABS_Cert_Blocklist_3B0914E2982Be8980Aa23F49848555E5 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10144-L10160"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10144-L10160"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "ea7d9fa7817751fef775765b54be5dd4d00c15ca50ac10fb40fb46cc3634c7b0"
 score = 75
 quality = 90
@@ -42521,8 +42521,8 @@ rule REVERSINGLABS_Cert_Blocklist_029Bf7E1Cb09Fe277564Bd27C267De5A : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10162-L10178"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10162-L10178"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "3f64372d11d61c669580d90cdf2201e7f2904fb3d73d27be2ff1559c9c37614a"
 score = 75
 quality = 90
@@ -42546,8 +42546,8 @@ rule REVERSINGLABS_Cert_Blocklist_D3Aee8Abb9948844A3Ac1C04Cc7E6Bdf : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10180-L10198"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10180-L10198"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "3f3f1d5c871d2b73627d4281ac5bcd08799fb47f94155e82795d97c87de35e40"
 score = 75
 quality = 90
@@ -42571,8 +42571,8 @@ rule REVERSINGLABS_Cert_Blocklist_734819463C1195Bd6E135Ce4D5Bf49Bc : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10200-L10216"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10200-L10216"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "a63c05cca23b61ba6eabda2b60c617b966a2669fd3a0da30354792e5c1ae2140"
 score = 75
 quality = 90
@@ -42596,8 +42596,8 @@ rule REVERSINGLABS_Cert_Blocklist_Db95B22362D46A73C39E0Ac924883C5B : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10218-L10236"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10218-L10236"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "895983bcb7f3a0c5ce54504f4a2ff8d652137434b8951380d756de6556d0844e"
 score = 75
 quality = 90
@@ -42621,8 +42621,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C48732873Ac8Ccebaf8F0E1E8329Cec : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10238-L10254"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10238-L10254"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "7c9476a4119e013c8bb3c14b607090d592feaa5f2fc0f78d810555681d4a3733"
 score = 75
 quality = 90
@@ -42646,8 +42646,8 @@ rule REVERSINGLABS_Cert_Blocklist_C51F4Cf4D82Bc920421E1Ad93E39D490 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10256-L10274"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10256-L10274"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "cef717e7fe3eb0fb958d405caaf98fa51b22b150ccbf1286d3b4634e9df81ade"
 score = 75
 quality = 90
@@ -42671,8 +42671,8 @@ rule REVERSINGLABS_Cert_Blocklist_C96086F1894E6420D2B4Bdeea834C4D7 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10276-L10294"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10276-L10294"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "949bbd41ad4c83a05c1f004786cd296e2af80a3a559955ec90a4675cdfa04258"
 score = 75
 quality = 90
@@ -42696,8 +42696,8 @@ rule REVERSINGLABS_Cert_Blocklist_06Fa27A121Cc82230C3013Ee634B6C62 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10296-L10312"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10296-L10312"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "23ac7a97e7632536ed27cf9078b6bc1a734f1e991a20a228734b45117582f367"
 score = 75
 quality = 90
@@ -42721,8 +42721,8 @@ rule REVERSINGLABS_Cert_Blocklist_9Dd3B2F7957Ba99F4B04Fcdbe03B7Aac : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10314-L10332"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10314-L10332"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "d4f1b75dddd47fe8a19bd8e794b4930bdcaf54d63db57422db0a9b631d4f488d"
 score = 75
 quality = 90
@@ -42746,8 +42746,8 @@ rule REVERSINGLABS_Cert_Blocklist_061051Ff2A8Afab10347A6F1Ff08Ecb6 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10334-L10350"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10334-L10350"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "db3ac3ee326c60e9abc94a2fb53d801637f044e7ab72d69e53958799e48747b7"
 score = 75
 quality = 90
@@ -42771,8 +42771,8 @@ rule REVERSINGLABS_Cert_Blocklist_Eda2429083Bfafb04E6E7Bdda1B08834 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10352-L10370"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10352-L10370"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "4f7d5c6929fe364c8868fddb28dd7bbf7cdcf3896d57836466af1a538190d11c"
 score = 75
 quality = 90
@@ -42796,8 +42796,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A590154B5980E566314122987Dea548 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10372-L10388"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10372-L10388"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "d5fdf2bc61fadf3e73bcf1695c48ebc465e614cdd2310f9e5f40648d9615afc4"
 score = 75
 quality = 90
@@ -42821,8 +42821,8 @@ rule REVERSINGLABS_Cert_Blocklist_69A72F5591Ad78A0825Fbb9402Ab9543 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10390-L10406"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10390-L10406"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "72ca07b7722f9506c5c42b5e58c5ce9b3a7d607164a5f265015769f2831cd588"
 score = 75
 quality = 90
@@ -42846,8 +42846,8 @@ rule REVERSINGLABS_Cert_Blocklist_0883Db137021B51F3A2A08A76A4Bc066 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10408-L10424"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10408-L10424"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "5e3c8654169830790665992f5d7669d0ca6c1c8048580b3ae70331ad2a763a6c"
 score = 75
 quality = 90
@@ -42871,8 +42871,8 @@ rule REVERSINGLABS_Cert_Blocklist_2B921Aaaba777B5A99507196C6F1C46C : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10426-L10442"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10426-L10442"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "a00eb9837f7700d83862dff2077d85c68c24621d7aacf857b42587dc37976465"
 score = 75
 quality = 90
@@ -42896,8 +42896,8 @@ rule REVERSINGLABS_Cert_Blocklist_0332D5C942869Bdcabf5A8266197Cd14 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10444-L10460"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10444-L10460"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "726ac44dd8109fcd0a9120f6c0673b8ecf7d5b3a4bb81976f48402e21502201a"
 score = 75
 quality = 90
@@ -42921,8 +42921,8 @@ rule REVERSINGLABS_Cert_Blocklist_4679C5398A279318365Fd77A84445699 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10462-L10478"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10462-L10478"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "bdb68be92b3ba6b5eaa6e8e963529c0b9213942ba2552c687496ad5d12d5b472"
 score = 75
 quality = 90
@@ -42946,8 +42946,8 @@ rule REVERSINGLABS_Cert_Blocklist_101D6A5A29D9A77807553Ceac669D853 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10480-L10496"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10480-L10496"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "bce92750f71477ecfa7b8213724344708066c0e6133a47cd6758bbd9f8f9da5f"
 score = 75
 quality = 90
@@ -42971,8 +42971,8 @@ rule REVERSINGLABS_Cert_Blocklist_6000F8C02B0A15B1E53B8399845Faddf : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10498-L10514"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10498-L10514"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "00ceb241555154cab97ef616042dbd966f3a8fae257e142dfe6bad9559bd1724"
 score = 75
 quality = 90
@@ -42996,8 +42996,8 @@ rule REVERSINGLABS_Cert_Blocklist_121070Be1E782F206985543Bc7Bc58B6 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10516-L10532"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10516-L10532"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "a5d603cf64c8a16fa12daf9c6b5d0850e6145fb39b38442ed724ec0f849b8be9"
 score = 75
 quality = 90
@@ -43021,8 +43021,8 @@ rule REVERSINGLABS_Cert_Blocklist_5226A724Cfa0B4Bc0164Ecda3F02A3Dc : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10534-L10550"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10534-L10550"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "0ba1155b30761f48674aaa82a70a06fea30cced6518f089f3f9f173a4eb06a09"
 score = 75
 quality = 90
@@ -43046,8 +43046,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A7Be7722B65A866Ebcd3Bd7F8F10825 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10552-L10568"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10552-L10568"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "c4aa22241ef72d454db4ec0fb0933abfa7b1d8d1029b45410475832cda4a2af4"
 score = 75
 quality = 90
@@ -43071,8 +43071,8 @@ rule REVERSINGLABS_Cert_Blocklist_05634456Dbedb3556Ca8415E64815C5D : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10570-L10586"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10570-L10586"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "f5941c74821c0cd76633393d0346a9de2c7bccc666dc20b34c5b4d733faefc8f"
 score = 75
 quality = 90
@@ -43096,8 +43096,8 @@ rule REVERSINGLABS_Cert_Blocklist_2E07A8D6E3B25Ae010C8Ed2C4Ab0Fb37 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10588-L10604"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10588-L10604"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "bad2144c9cde02a75fa968e3c24178f3ba73b0addb2b4967f24733b933e0eeb6"
 score = 75
 quality = 90
@@ -43121,8 +43121,8 @@ rule REVERSINGLABS_Cert_Blocklist_30B4Eeebd88Fd205Acc8577Bbaed8655 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10606-L10622"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10606-L10622"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "673ec5a1cacb9a7be101a4a533baf5a1eab4e6dd8721c69e56636701c5303c72"
 score = 75
 quality = 90
@@ -43146,8 +43146,8 @@ rule REVERSINGLABS_Cert_Blocklist_B3391A6C1B3C6836533959E2384Ab4Ca : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10624-L10642"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10624-L10642"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "38e38acfbfbf63b7179d2f8656f70224afa9269a7bdecd10ccbbbd92a6a216d3"
 score = 75
 quality = 90
@@ -43171,8 +43171,8 @@ rule REVERSINGLABS_Cert_Blocklist_05D50A0E09Bb9A836Ffb90A3 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10644-L10660"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10644-L10660"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "1bd1960cd6dd8bf83472dc2b1809b84ceb3db68a5e6c3ba68f28ad922230b2ed"
 score = 75
 quality = 90
@@ -43196,8 +43196,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A2787Fbb4627C91611573E323584113 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10662-L10678"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10662-L10678"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "efa352beafb56b95a89554bc8929f8e01a4da46eef1f6cf8a1487a2a06bc1b3e"
 score = 75
 quality = 90
@@ -43221,8 +43221,8 @@ rule REVERSINGLABS_Cert_Blocklist_1D36C4F439D651503589318F : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10680-L10696"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10680-L10696"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "73dc3c01041d50100a8d5519afe1a80f470c30175f9ad1bf76ac287ac199a959"
 score = 75
 quality = 90
@@ -43246,8 +43246,8 @@ rule REVERSINGLABS_Cert_Blocklist_26F855A25890B749578F13E4B9459768 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10698-L10714"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10698-L10714"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "35bfa39ef8f03d10af884f288278ea6ad3aff31cbae111057c2b619c6dc0a752"
 score = 75
 quality = 90
@@ -43271,8 +43271,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F1Ae2239Bb96C5Aef49D0Ae50266912 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10716-L10732"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10716-L10732"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "4f88df4fc2f4cd89aa177ce09caab3e2660267ae883f7ab54c22a9ba1657bad0"
 score = 75
 quality = 90
@@ -43296,8 +43296,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Deea179F5757Fe529043577762419Df : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10734-L10750" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10734-L10750" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "67c3d3496caf54ca0b1afc4d1dcc902e2f3632ac6708f85e163d427b567d098f" score = 75 quality = 90 @@ -43321,8 +43321,8 @@ rule REVERSINGLABS_Cert_Blocklist_5B1F9Ec88D185631Ab032Dbfd5166C0D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10752-L10768" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10752-L10768" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "dec9d43c6911deb5f35c45692bfd6ef47f85d955f5e59041e58a1f0d2fc306e3" score = 75 quality = 90 
@@ -43346,8 +43346,8 @@ rule REVERSINGLABS_Cert_Blocklist_58Af00Ce542760Fc116B41Fa92E18589 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10770-L10786" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10770-L10786" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0ff773d252e5e0402171ae15d7ab43bcfd313eb8c326ed5f128a89ec43386a52" score = 75 quality = 90 @@ -43371,8 +43371,8 @@ rule REVERSINGLABS_Cert_Blocklist_25Ba18A267D6D8E08Ebc6E2457D58D1E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10788-L10804" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10788-L10804" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "174fe170c26a8197486e7b390d9fce4da61fb68ee5dc9486d43dbeb3cf659c3a" score = 75 quality = 90 
@@ -43396,8 +43396,8 @@ rule REVERSINGLABS_Cert_Blocklist_12Df5Ff3460979Cec1288D874A9Fbf83 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10806-L10822" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10806-L10822" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3d4b5e56962d04bc35451eeab4c1870c8653c9afcbb28dc6bad7cfb1711e9df1" score = 75 quality = 90 @@ -43421,8 +43421,8 @@ rule REVERSINGLABS_Cert_Blocklist_Df2547B2Cab5689A81D61De80Eaaa3A2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10824-L10842" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10824-L10842" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "cde89ae5b77ff6833fe642bdd74e81763ef068e31c07e7881906e4e4a5939942" score = 75 quality = 90 
@@ -43446,8 +43446,8 @@ rule REVERSINGLABS_Cert_Blocklist_28B691272719B1Ee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10844-L10860" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10844-L10860" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0bd973f415b7cfa0858c705c4486da9f181c7259af01d1cff486fb6b8e8e775b" score = 75 quality = 90 @@ -43471,8 +43471,8 @@ rule REVERSINGLABS_Cert_Blocklist_1C897216E58E83Cbe74Ad03284E1Fb82 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10862-L10878" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10862-L10878" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6b3b2708d3a442fa6425e60ae900c94fc22fbfdb47f290ff56e9d349d99fd85f" score = 75 quality = 90 
@@ -43496,8 +43496,8 @@ rule REVERSINGLABS_Cert_Blocklist_5A364C4957D93406F76321C2316F42F0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10880-L10896" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10880-L10896" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "fe3a2b906debb3f03e6a403829fca02c751754e9a02442a962c66defb84aed83" score = 75 quality = 90 @@ -43521,8 +43521,8 @@ rule REVERSINGLABS_Cert_Blocklist_E7E7F7180666546Ce7A8Da32119F5Ce1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10898-L10916" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10898-L10916" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "940f6508208998593f309ffeeeda20ab475d427c952a14871b6e58e17d2a4c85" score = 75 quality = 90 
@@ -43546,8 +43546,8 @@ rule REVERSINGLABS_Cert_Blocklist_062B2827500C5Df35A83F661B3Af5Dd3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10918-L10934" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10918-L10934" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4edc263b08b21428b5f2f4f14f9582c0f96f79cb49fbba563c103bf8bb2037a6" score = 75 quality = 90 @@ -43571,8 +43571,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Bf27695Fd20B588F2B2F173B6Caf2Ba : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10936-L10952" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10936-L10952" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "94d8739761b6a8ee91550be47432b046609b076aab6e57996de123a0fcaba73e" score = 75 quality = 90 
@@ -43596,8 +43596,8 @@ rule REVERSINGLABS_Cert_Blocklist_1B248C8508042D36Bbd5D92D189C61D8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10954-L10970" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10954-L10970" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2c063d0878a8bf6cd637e1dac2cb9164beb52c951e01858a7c3c9c4c1a853f54" score = 75 quality = 90 @@ -43621,8 +43621,8 @@ rule REVERSINGLABS_Cert_Blocklist_032660Ee1D49Ad35086027473E2614E5E724 : INFO FI date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10972-L10988" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10972-L10988" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8d1435d2fa70db12cde2f9098e35ca1737f5aac36bac91329b28f03aad090e90" score = 75 quality = 90 
@@ -43646,8 +43646,8 @@ rule REVERSINGLABS_Cert_Blocklist_043052956E1E6Dbd5F6Ae3D8B82Cad2A2Ed8 : INFO FI date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L10990-L11006" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L10990-L11006" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c29fb109c741437a3739f1c42aadace8f612ef1e3ea90e3e2bdd8a92c85e766a" score = 75 quality = 90 @@ -43671,8 +43671,8 @@ rule REVERSINGLABS_Cert_Blocklist_Dbc03Ca7E6Ae6Db6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11008-L11026" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11008-L11026" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0077b9c46ddd98a4929878ba4ba9476ed7fb1d7bf6e30c3ae0f950445d01e8f3" score = 75 quality = 90 
@@ -43696,8 +43696,8 @@ rule REVERSINGLABS_Cert_Blocklist_7D27332C3Cb3A382A4Fd232C5C66A2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11028-L11044" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11028-L11044" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c1c50015db7f97b530819b40e2578463a6021bfff8e2582858a4c3fbd1a9b9bc" score = 75 quality = 90 @@ -43721,8 +43721,8 @@ rule REVERSINGLABS_Cert_Blocklist_82D224323Efa65060B641F51Fadfef02 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11046-L11064" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11046-L11064" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "9d361c91ed24b6c20a7b35957e26f208ce8e0a3d79c5a6fed6278acd826ccf49" score = 75 quality = 90 
@@ -43746,8 +43746,8 @@ rule REVERSINGLABS_Cert_Blocklist_890570B6B0E2868A53Be3F8F904A88Ee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11066-L11084" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11066-L11084" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "fb7af8ec09da2fecaaaed8c7770966f11ef8a44a131553a9d1412387db2fb7ea" score = 75 quality = 90 @@ -43771,8 +43771,8 @@ rule REVERSINGLABS_Cert_Blocklist_2642Fe865F7566Ce3123A5142C207094 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11086-L11102" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11086-L11102" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1ad4adf8b05a6cc065d289e6963480d37a92712a318744a30a16aad22380f238" score = 75 quality = 90 
@@ -43796,8 +43796,8 @@ rule REVERSINGLABS_Cert_Blocklist_4A2E337Fff23E5B2A1321Ffde56D1759 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11104-L11120" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11104-L11120" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "bc2df95ddf1ef3d5f83d14852e1cf6cbf4b71bfbe88fc97c2a4553e8581ddf47" score = 75 quality = 90 @@ -43821,8 +43821,8 @@ rule REVERSINGLABS_Cert_Blocklist_92D9B92F8Cf7A1Ba8B2C025Be730C300 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11122-L11140" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11122-L11140" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2a0be6157e589705ad19756971bd865edad2d54760d03c2e6f47a461b402ad68" score = 75 quality = 90 
@@ -43846,8 +43846,8 @@ rule REVERSINGLABS_Cert_Blocklist_B8164F7143E1A313003Ab0C834562F1F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11142-L11160" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11142-L11160" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a42fec2e0e8d37948420f16907f39c3d502c535be98024d04a777dfbc633004d" score = 75 quality = 90 @@ -43871,8 +43871,8 @@ rule REVERSINGLABS_Cert_Blocklist_24E4A2B3Db6Be1007B9Ddc91995Bc0C8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11162-L11178" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11162-L11178" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "861691ce7bae4366f3b35d01c84bb0031b54653869f52eaccf20808b1b55d2af" score = 75 quality = 90 
@@ -43896,8 +43896,8 @@ rule REVERSINGLABS_Cert_Blocklist_881573Fc67Ff7395Dde5Bccfbce5B088 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11180-L11198" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11180-L11198" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ce489a4a2f07181d6fbf295f426deeaf51310e061bac2e56d65b37eeb397ff9a" score = 75 quality = 90 @@ -43921,8 +43921,8 @@ rule REVERSINGLABS_Cert_Blocklist_53E1F226Cb77574F8Fbeb5682Da091Bb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11200-L11216" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11200-L11216" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "591846225d5faf3ee8f3102acaad066f0187219044077bbdaf32345613b00965" score = 75 quality = 90 
@@ -43946,8 +43946,8 @@ rule REVERSINGLABS_Cert_Blocklist_0772B4D1D63233D2B8771997Bc8Da5C4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11218-L11234" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11218-L11234" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "30586a643b29f3c943b3f35bb1639c5b9fa48ecbd776775086e35af502aa4a7a" score = 75 quality = 90 @@ -43971,8 +43971,8 @@ rule REVERSINGLABS_Cert_Blocklist_02B6656292310B84022Db5541Bc48Faf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11236-L11252" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11236-L11252" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "40b570b28e10ebd2a1ba515dc3fa45bdb5c0b76044e4dda7a6819976072a67a2" score = 75 quality = 90 
@@ -43996,8 +43996,8 @@ rule REVERSINGLABS_Cert_Blocklist_64C2505C7306639Fc8Eae544B0305338 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11254-L11270" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11254-L11270" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "9b6fb002d603135391958668be0ef805e441928a035c9c4da4bb9915aa3086e8" score = 75 quality = 90 @@ -44021,8 +44021,8 @@ rule REVERSINGLABS_Cert_Blocklist_2F96A89Bfec6E44Dd224E8Fd7E72D9Bb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11272-L11288" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11272-L11288" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c0c8e5c0e2e120ee6b055e9a6b2af3d424bed0832c2619beab658fe01757f69f" score = 75 quality = 90 
@@ -44046,8 +44046,8 @@ rule REVERSINGLABS_Cert_Blocklist_B649A966410F62999C939384Af553919 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11290-L11308" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11290-L11308" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "623a2f931198eacf44fd233065e96a4dcadb5b3bbc7ca56df2b6ae9eafc4faa5" score = 75 quality = 90 @@ -44071,8 +44071,8 @@ rule REVERSINGLABS_Cert_Blocklist_45245Eef53Fcf38169C715Cf68F44452 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11310-L11326" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11310-L11326" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7e0c3147e657802e457f6df271b7f5a64c81fd13f936a8935aa991022e4ab238" score = 75 quality = 90 
@@ -44096,8 +44096,8 @@ rule REVERSINGLABS_Cert_Blocklist_1895433Ee9E2Bd48619D75132262616F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11328-L11344" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11328-L11344" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f00a29ff5dddae40225ab62cb2d4b9dec1539ad58c8cd27d686480eecdb3e31d" score = 75 quality = 90 @@ -44121,8 +44121,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Ffc9825644Caf5B1F521780C5C7F42C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11346-L11362" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11346-L11362" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1a9263c809f5633d01d4d4d0091c8dc214bad73af0eff3c9a94b33bca513f26d" score = 75 quality = 90 
@@ -44146,8 +44146,8 @@ rule REVERSINGLABS_Cert_Blocklist_8D52Fb12A2511E86Bbb0Ba75C517Eab0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11364-L11382" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11364-L11382" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "023830ab3d71ed8ecf8f0e271c56dc267dcd000f5ff156c70d31089cd7010da8" score = 75 quality = 90 @@ -44171,8 +44171,8 @@ rule REVERSINGLABS_Cert_Blocklist_332Bd5801E8415585E72C87E0E2Ec71D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11384-L11400" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11384-L11400" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3648c3a8dbcdbd24746b9fa8cb3071d5f5019e5917848d88437158c6cb165445" score = 75 quality = 90 
@@ -44196,8 +44196,8 @@ rule REVERSINGLABS_Cert_Blocklist_E3B80C0932B52A708477939B0D32186F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11402-L11420" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11402-L11420" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "acdfce4dc25cbc9e9817453d5cf56c7d319bebdf7a039ea47412ec3b2f68cb02" score = 75 quality = 90 @@ -44221,8 +44221,8 @@ rule REVERSINGLABS_Cert_Blocklist_C79F817F082986Bef3209F6723C8Da97 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11422-L11440" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11422-L11440" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a5960f4c2ed768ccc5779d3754f51463c7b14a3a887c690944add23fba464f1a" score = 75 quality = 90 
@@ -44246,8 +44246,8 @@ rule REVERSINGLABS_Cert_Blocklist_1E5Efa53A14599Cc82F56F0790E20B17 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11442-L11458" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11442-L11458" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "78cbfeb5d7b58029a5b4107f2a59e892ff9d71788cf74e88ac823cb85ba35a94" score = 75 quality = 90 @@ -44271,8 +44271,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Cf2D0B5Bfdd68Cf777A0C12F806A569 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11460-L11476" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11460-L11476" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4d8fd52cd12f9512c0b148f9915860152f108884d29617a5fbfd62500d3a14c4" score = 75 quality = 90 
@@ -44296,8 +44296,8 @@ rule REVERSINGLABS_Cert_Blocklist_F675139Ea68B897A865A98F8E4611F00 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11478-L11496" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11478-L11496" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2306e90d376f5de8a4eb6d4a696bc1781686d7094cb0a2db48019ee93c1bf60a" score = 75 quality = 90 @@ -44321,8 +44321,8 @@ rule REVERSINGLABS_Cert_Blocklist_4728189Fa0F57793484Cdf764F5E283D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11498-L11514" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11498-L11514" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "9ec7e84c77583bd52ccfb8d6d5831f3634ed0a401d8103376c4775b7f2c43d81" score = 75 quality = 90 
@@ -44346,8 +44346,8 @@ rule REVERSINGLABS_Cert_Blocklist_9Bd81A9Adaf71F1Ff081C1F4A05D7Fd7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11516-L11534" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11516-L11534" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e275a1fd2eb931030fa8b5fc11cd1b335835aaa553a42455053cb93fef5e6e72" score = 75 quality = 90 @@ -44371,8 +44371,8 @@ rule REVERSINGLABS_Cert_Blocklist_C81319D20C6F1F1Aec3398522189D90C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11536-L11554" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11536-L11554" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2a9f13f5e79a12f7e9d9d4a0dcaac065e1fc5167c67bc9f3fd7ba1c374b26d96" score = 75 quality = 90 
@@ -44396,8 +44396,8 @@ rule REVERSINGLABS_Cert_Blocklist_C318D876768258A696Ab9Dd825E27Acd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11556-L11574" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11556-L11574" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "691b57929c93d14f8700e0e61170b9248499fd36b80aec90f2054c32d6a3a9eb" score = 75 quality = 90 @@ -44421,8 +44421,8 @@ rule REVERSINGLABS_Cert_Blocklist_06Df5C318759D6Ea9D090Bfb2Faf1D94 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11576-L11592" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11576-L11592" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "5f151ee5781a15cca4394fdd8200162eae47e9d088a0b1551c9ed22ce11473a2" score = 75 quality = 90 
@@ -44446,8 +44446,8 @@ rule REVERSINGLABS_Cert_Blocklist_02De1Cc6C487954592F1Bf574Ca2B000 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11594-L11610" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11594-L11610" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "40b78005d343684d08bb93e92c51eee10e674e8deb9eec290bc9ffe3b23061b1" score = 75 quality = 90 @@ -44471,8 +44471,8 @@ rule REVERSINGLABS_Cert_Blocklist_A32B8B4F1Be43C23Eb2848Ab4Ef06Bb2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11612-L11630" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11612-L11630" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "dd7d44349baaf4a2e2f61b38cef31f288110bb03944fd4593f52a0ab03b9d172" score = 75 quality = 90 
@@ -44496,8 +44496,8 @@ rule REVERSINGLABS_Cert_Blocklist_626735Ed30E50E3E0553986D806Bfc54 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11632-L11648" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11632-L11648" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0a2acf8528a12fd05cf58c2ed5224f7472d14251b342ce4df6d9c10c6a6decfc" score = 75 quality = 90 @@ -44521,8 +44521,8 @@ rule REVERSINGLABS_Cert_Blocklist_34D42E871Ddb1C92Fa20B55B384E1259 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11650-L11666" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11650-L11666" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8af5f4abe6425713b7c1fd17deaa78b2cfd6ef73ad960bce883e95661c2dbb56" score = 75 quality = 90 
@@ -44546,8 +44546,8 @@ rule REVERSINGLABS_Cert_Blocklist_08D4Dc90047B8470Ccaf3924Dfbd8B5F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11668-L11684" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11668-L11684" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "569db2f6d6f4da9985c57812a03f91bce88f2150b17659249e0f746a0d15150b" score = 75 quality = 90 @@ -44571,8 +44571,8 @@ rule REVERSINGLABS_Cert_Blocklist_C2Fc83D458E653837Fcfc132C9B03062 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11686-L11704" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11686-L11704" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "836cec8d8396680dd64f95d4dd41f7f5876cb4268d983238a01d2e0990cce74a" score = 75 quality = 90 
@@ -44596,8 +44596,8 @@ rule REVERSINGLABS_Cert_Blocklist_54C793D2224Bdd6Ca527Bb2B7B9Dfe9D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11706-L11722" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11706-L11722" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "81c9c1d841d4aae3de229cc499ee84920d89928590a3eb157f7a7a7fbc46b4a8" score = 75 quality = 90 @@ -44621,8 +44621,8 @@ rule REVERSINGLABS_Cert_Blocklist_8Cece6Df54Cf6Ad63596546D77Ba3581 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11724-L11742" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11724-L11742" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d6b5bca36ef492ce9b79be905c86c66d43ef38701dafeed977229034119bd00d" score = 75 quality = 90 
@@ -44646,8 +44646,8 @@ rule REVERSINGLABS_Cert_Blocklist_984E84Cfe362E278F558E2C70Aaafac2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11744-L11762" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11744-L11762" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e7a8f3dff77121df53d5f932f861e15208b0607ba77712f40927bc14b17a53cd" score = 75 quality = 90 @@ -44671,8 +44671,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ff52Eb011Bb748Fee75153Cbe1E50Dd6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11764-L11782" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11764-L11782" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8c80ed4e4f77df34ff9fcc712deda4c1bbedc588f2b01d02aa705e368fb98c5e" score = 75 quality = 90 
@@ -44696,8 +44696,8 @@ rule REVERSINGLABS_Cert_Blocklist_84A4A0D0657E217B176B455E2465Aee0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11784-L11802" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11784-L11802" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "92f6e90bd21182bece68ac1651105f96a18c5b1497d30e0040a978e349341bdb" score = 75 quality = 90 @@ -44721,8 +44721,8 @@ rule REVERSINGLABS_Cert_Blocklist_B8F726508Cf1D7B7913Bf4Bbd1E5C19C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11804-L11822" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11804-L11822" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ec05c7e41e309aff00ae819c63f5bdc8e4172c611779da345efd211e48c9efb1" score = 75 quality = 90 
@@ -44746,8 +44746,8 @@ rule REVERSINGLABS_Cert_Blocklist_6A241Ffe96A6349Df608D22C02942268 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11824-L11840" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11824-L11840" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "79db8be7ca3ed80eb1e3a9401e8fec2b83da8b95b16789ed0b59bb7f4639a94d" score = 75 quality = 90 @@ -44771,8 +44771,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aa1D84779792B57F91Fe7A4Bde041942 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11842-L11860" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11842-L11860" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "682af8c799acaca531724c5b3184b855e64ec4531fcc333a485ba2f63331cdae" score = 75 quality = 90 
@@ -44796,8 +44796,8 @@ rule REVERSINGLABS_Cert_Blocklist_3C98B6872Fbb1F4Ae37A4Caa749D24C2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11862-L11878" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11862-L11878" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c534ad306f85e12eca2336e998120deb4ba8d0d63b8331986ec7fe4ac69ba65a" score = 75 quality = 90 @@ -44821,8 +44821,8 @@ rule REVERSINGLABS_Cert_Blocklist_E4E795Fd1Fd25595B869Ce22Aa7Dc49F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11880-L11898" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11880-L11898" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ced47bd69b58de9e6b2aa7518ccceca088884acb79c0803c3defe6b115a0abb6" score = 75 quality = 90 
@@ -44846,8 +44846,8 @@ rule REVERSINGLABS_Cert_Blocklist_E953Ada7E8F1438E5F7680Ff599Ae43E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11900-L11918" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11900-L11918" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7cb7d77abefd35f0756c5aa0983f7403cca4cbacd94dcc6b510c929bc96c8309" score = 75 quality = 90 @@ -44871,8 +44871,8 @@ rule REVERSINGLABS_Cert_Blocklist_28C57Df09Ce7Cc3Fde2243Beb4D00101 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11920-L11936" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11920-L11936" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "84402dc0a58fca36424d8d6d13c60b80342bb3792f4e32e23878530264358726" score = 75 quality = 90 
@@ -44896,8 +44896,8 @@ rule REVERSINGLABS_Cert_Blocklist_2D8Cfcf04209Dc7F771D8D18E462C35A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11938-L11954" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11938-L11954" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2b784e46268d78046365400ef914d7ca673503c93962d0b0740ca2ac9faf7857" score = 75 quality = 90 @@ -44921,8 +44921,8 @@ rule REVERSINGLABS_Cert_Blocklist_016836311Fc39Fbb8E6F308Bb03Cc2B3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11956-L11972" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11956-L11972" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c5f6372a207d02283840e745619e93194d954eedff7bae34aadcb645b1cb78fc" score = 75 quality = 90 
@@ -44946,8 +44946,8 @@ rule REVERSINGLABS_Cert_Blocklist_435Abf46053A0A445C54217A8C233A7F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11974-L11990" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11974-L11990" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "839f55e8fe7a86aad406e657fdef48925543b5d3884927104fd3786444a8fccc" score = 75 quality = 90 @@ -44971,8 +44971,8 @@ rule REVERSINGLABS_Cert_Blocklist_B2F9C693A2E6634565F63C79B01Dd8F8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L11992-L12010" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L11992-L12010" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f5ec67c082be21a2495ef90fd0a6d4fc4b1379c4903dcc051d39cf1913d5cf20" score = 75 quality = 90 
@@ -44996,8 +44996,8 @@ rule REVERSINGLABS_Cert_Blocklist_54A6D33F73129E0Ef059Ccf51Be0C35E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12012-L12028" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12012-L12028" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6fbed9c8537ea2baeb58044a934fc9741730b8a3ae4d059c23b033973d7ff7d3" score = 75 quality = 90 @@ -45021,8 +45021,8 @@ rule REVERSINGLABS_Cert_Blocklist_142Aac4217E22B525C8587589773Ba9B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12030-L12046" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12030-L12046" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f169925c27f5e0f8d5f658b83d1b9fa4548c4443b16bd4d7f87aa2b8e44bf06b" score = 75 quality = 90 
@@ -45046,8 +45046,8 @@ rule REVERSINGLABS_Cert_Blocklist_239664C12Baeb5A6D787912888051392 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12048-L12064" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12048-L12064" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ab2c228088a4c11b3a0f1a5f0acf181cc31e548781cb3f1205475bfbe39c7236" score = 75 quality = 90 @@ -45071,8 +45071,8 @@ rule REVERSINGLABS_Cert_Blocklist_0218Ebfd5A9Bfd55D2F661F0D18D1D71 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12066-L12082" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12066-L12082" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4aabe3beab0055b6ef8f6114c5236940f5693b44e94efd14132b450bb9232c03" score = 75 quality = 90 
@@ -45096,8 +45096,8 @@ rule REVERSINGLABS_Cert_Blocklist_35590Ebe4A02Dc23317D8Ce47A947A9B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12084-L12100" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12084-L12100" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2d4bc88943cdc8af00effab745e64e60ef662c668a0b2193c256d11831ef1554" score = 75 quality = 90 @@ -45121,8 +45121,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aa07D4F2857119Cee514A0Bd412F8201 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12102-L12120" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12102-L12120" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "fbbea89f2070b2a527bba6199022fbffd269e664b000988a59adf4ca0d4a9f22" score = 75 quality = 90 
@@ -45146,8 +45146,8 @@ rule REVERSINGLABS_Cert_Blocklist_40F5660A90301E7A8A8C3B42 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12122-L12138" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12122-L12138" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3573d1d5f11df106f1f6f44f8b0164992f2a50707c6df7b08b05ed9ea7d9173b" score = 75 quality = 90 @@ -45171,8 +45171,8 @@ rule REVERSINGLABS_Cert_Blocklist_0400C7614F86D75Fe4Ee3F6192B6Feda : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12140-L12156" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12140-L12156" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "47735267e9a0fb8107f6c4008bacc8aada1705f6714a0447dacc3928fc20cad6" score = 75 quality = 90 
@@ -45196,8 +45196,8 @@ rule REVERSINGLABS_Cert_Blocklist_E573D9C8B403C41Bd59Ffa0A8Efd4168 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12158-L12176"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12158-L12176"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "425126b90fe2ab7c1ec7bf2fd5a91e4438a81992f20f99ed87ec62e7f20043cd"
 score = 75
 quality = 90
@@ -45221,8 +45221,8 @@ rule REVERSINGLABS_Cert_Blocklist_B06Bc166Fc765Dacd2F7448C8Cdd9205 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12178-L12196"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12178-L12196"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "2c47166f02c7f94bb4f82296e3220ff7ca3c6c53566d855b2fe77cb842a5fb43"
 score = 75
 quality = 90
@@ -45246,8 +45246,8 @@ rule REVERSINGLABS_Cert_Blocklist_E9268Ed63A7D7E9Dfd40A664Ddfbaf18 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12198-L12216"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12198-L12216"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "fc840c0b37867c3b0aa80d4dc609feaaab77d3f0c6f84c8bb2ea7c5a6461ebb8"
 score = 75
 quality = 90
@@ -45271,8 +45271,8 @@ rule REVERSINGLABS_Cert_Blocklist_425Dc3E0Ca8Bcdce19D00D87E3F0Ba28 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12218-L12234"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12218-L12234"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "67a975f2806825bf0da27fcaf33c2ff497fe9bb2af12c22ff505b49070516960"
 score = 75
 quality = 90
@@ -45296,8 +45296,8 @@ rule REVERSINGLABS_Cert_Blocklist_Afc0Ddb7Bdc8207E8C3B7204018Eecd3 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12236-L12254"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12236-L12254"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "302e2d6b31ca5c2c33c4ec7294630fd88a9c40f70ddecdc606ccff27b24e1cd4"
 score = 75
 quality = 90
@@ -45321,8 +45321,8 @@ rule REVERSINGLABS_Cert_Blocklist_38989Ec61Ecdb7391Ff5647F7D58Ad18 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12256-L12272"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12256-L12272"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "1795812d4daa458b157280cac7a9b13e9b67a2d78eac077691bbce2bf8aeec34"
 score = 75
 quality = 90
@@ -45346,8 +45346,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bc6C43D206A360F2D6B58537C456B709 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12274-L12292"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12274-L12292"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "eb5288d2b96ff7a7783c2b2b02f9f1168784352ed84ad6463dce00c12daca6cb"
 score = 75
 quality = 90
@@ -45371,8 +45371,8 @@ rule REVERSINGLABS_Cert_Blocklist_4929Ab561C812Af93Ddb9758B545F546 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12294-L12310"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12294-L12310"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "12235e324b92b83e9cfaed7cbcff5d093b8b1d7528dd5ac327159cde6e9a4d1f"
 score = 75
 quality = 90
@@ -45396,8 +45396,8 @@ rule REVERSINGLABS_Cert_Blocklist_25C6Dbce3D5499F65D9Df16E9007465D : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12312-L12328"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12312-L12328"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "978f05f86734c63afe1e5929a58f3cfff75ef749ffda07252db90b6fe12508ec"
 score = 75
 quality = 90
@@ -45421,8 +45421,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bc6A1812E001362469541108973Bbd52 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12330-L12348"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12330-L12348"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "9b678e9fb1e1eda3ac8e027b5e449af446de4379fea46ef7ff820240c73795ee"
 score = 75
 quality = 90
@@ -45446,8 +45446,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bde1D6Dc3622724F427A39E6A34F5124 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12350-L12368"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12350-L12368"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "f1cf0b6855269a771447a0b38f4a02996b6527d7df4b143b69598ed591719ca0"
 score = 75
 quality = 90
@@ -45471,8 +45471,8 @@ rule REVERSINGLABS_Cert_Blocklist_5C9F5F96726A6E6Fc3B8Bb153Ac82Af2 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12370-L12386"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12370-L12386"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "a61bcc4a90a75a429366e3f93929005b67325eccc6cad3df6b7a0c3692597828"
 score = 75
 quality = 90
@@ -45496,8 +45496,8 @@ rule REVERSINGLABS_Cert_Blocklist_6E889Bb3B7F7194B674C6A0335A608E0 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12388-L12404"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12388-L12404"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "fa2a47f4fb822089fcc958850ce516c8c5d95a6d9b575f3b1d1d4a2ceb2537e4"
 score = 75
 quality = 90
@@ -45521,8 +45521,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F62F760704Bdf8Dc30C7Baa7376F484 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12406-L12422"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12406-L12422"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "d54d52e116b9404782ce80664f218d2e142577dac672c53c41b82f0466c7375a"
 score = 75
 quality = 90
@@ -45546,8 +45546,8 @@ rule REVERSINGLABS_Cert_Blocklist_071202Dbfda40B629C5E7Acac947C2D3 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12424-L12440"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12424-L12440"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "cc51b0ae6a59f68e61ee0b4ff33ea0e1ee9ef04e4c994e1c98da6befab62a5b9"
 score = 75
 quality = 90
@@ -45571,8 +45571,8 @@ rule REVERSINGLABS_Cert_Blocklist_98Ab9585C04D7F0E4Cf4De98C14B684D : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12442-L12460"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12442-L12460"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "ba43dd15b13623bb99d88c93fb9e751deb95a546325a1142d9137b25430d07fd"
 score = 75
 quality = 90
@@ -45596,8 +45596,8 @@ rule REVERSINGLABS_Cert_Blocklist_4631713E66E91347F0388B98Cf747794 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12462-L12478"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12462-L12478"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "cb517cda67150b7e17ee3bd946903e8e8eca81742a362032249a2f2387e71c50"
 score = 75
 quality = 90
@@ -45621,8 +45621,8 @@ rule REVERSINGLABS_Cert_Blocklist_E963F8983D21B4C1A69C66A9D37498E5 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12480-L12498"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12480-L12498"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "b7c715e28f003351d10ba53657e9e667b635a0e4433276d91d26f4482a61191d"
 score = 75
 quality = 90
@@ -45646,8 +45646,8 @@ rule REVERSINGLABS_Cert_Blocklist_6E44Fcedd49F22F7A28Cecc99104F61A : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12500-L12516"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12500-L12516"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "caff0cbca45c0dffb673367585824783371f2f4e31a0c9629afb7de708098892"
 score = 75
 quality = 90
@@ -45671,8 +45671,8 @@ rule REVERSINGLABS_Cert_Blocklist_35B49Ee870Aea532E6Ef0A4987105C8F : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12518-L12534"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12518-L12534"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "a9d8e9db453f40e32a0cb6412db8885db54053fdf3d7908b884361a493f97b1f"
 score = 75
 quality = 90
@@ -45696,8 +45696,8 @@ rule REVERSINGLABS_Cert_Blocklist_063Dcd7D7B0Bc77Cac844C7213Be3989 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12536-L12552"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12536-L12552"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "091d00b0731f0a3d9917eee945249f001e4b5b1b603cad2fc21eed70ec86aa99"
 score = 75
 quality = 90
@@ -45721,8 +45721,8 @@ rule REVERSINGLABS_Cert_Blocklist_6F8777Aa866142Ad7120E5E1C9321E37 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12554-L12570"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12554-L12570"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "ca3ff0c7192ba90932d35d053712816555dea051ce15d29a7ccf4e37da989899"
 score = 75
 quality = 90
@@ -45746,8 +45746,8 @@ rule REVERSINGLABS_Cert_Blocklist_4A7F07C5D4Ad2E23F9E8E03F0E229Dd4 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12572-L12588"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12572-L12588"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "6dc2bfac77117e294cacc772f7bfaea8b2e3caa26a0afd3729d517e91ca20ea5"
 score = 75
 quality = 90
@@ -45771,8 +45771,8 @@ rule REVERSINGLABS_Cert_Blocklist_F5F9C8F8C33E4Ce84Dd48Fcb03Ccb075 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12590-L12608"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12590-L12608"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "ac3bab3f5a93099f39b0862b419346d1eb3d0f75d86e121ba30626d496c46c57"
 score = 75
 quality = 90
@@ -45796,8 +45796,8 @@ rule REVERSINGLABS_Cert_Blocklist_57Fc55239F21F139978609E323097132 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12610-L12626"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12610-L12626"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "030bb847e524e672ee382e0284ba3f027920f60c70bbd153d4b9cdd2669e6a99"
 score = 75
 quality = 90
@@ -45821,8 +45821,8 @@ rule REVERSINGLABS_Cert_Blocklist_Eeefec4308Abe63323600E1608F5E6F2 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12628-L12646"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12628-L12646"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "71ab4bd7e85155bfbc1612941c5f15c409629b116258c38b79bd808512df006a"
 score = 75
 quality = 90
@@ -45846,8 +45846,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Ecd460Ce14Bd8Ef2926Da2Cd9A44176 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12648-L12664"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12648-L12664"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "58fa244c125415ef7a3cf0feb79add4db7c84f94c23e5d27e840fb17c18d67ef"
 score = 75
 quality = 90
@@ -45871,8 +45871,8 @@ rule REVERSINGLABS_Cert_Blocklist_5E75E997F3D70Bb8C182D56B25B7D836 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12666-L12682"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12666-L12682"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "a2c6a57759fb0717951f83a32c00deeae82cad772b6cb7f60fa96232b6b82560"
 score = 75
 quality = 90
@@ -45896,8 +45896,8 @@ rule REVERSINGLABS_Cert_Blocklist_D5690D94F15315E143Db10Af35497Dc5 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12684-L12702"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12684-L12702"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "4ac17d0f0e4ef2bb5f6cda8e7cb07a641d49c83465a0a80c46ff6e0e752d1847"
 score = 75
 quality = 90
@@ -45921,8 +45921,8 @@ rule REVERSINGLABS_Cert_Blocklist_8223C74185Add0927246F5E33Ebac467 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12704-L12722"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12704-L12722"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "f700b4f7cdfda9f678c3a5259d4293640c50567ec277c5b3db69756534e2007f"
 score = 75
 quality = 90
@@ -45946,8 +45946,8 @@ rule REVERSINGLABS_Cert_Blocklist_Dd9E9E1D7C573714E3F567C5380Ae6D0 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12724-L12742"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12724-L12742"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "7bbcdb989d53bafbb2bdb694be72d4f7305323c01e8f1eafcb7cd889df165ff6"
 score = 75
 quality = 90
@@ -45971,8 +45971,8 @@ rule REVERSINGLABS_Cert_Blocklist_3D5E71 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12744-L12760"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12744-L12760"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "aa73ac6569e4bb0084d7b148b2186ec2737a691a133319b21b666aa16bca9f2d"
 score = 75
 quality = 90
@@ -45996,8 +45996,8 @@ rule REVERSINGLABS_Cert_Blocklist_C33187Fe848A65E8484Ea492Cb2Cbb18 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12762-L12780"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12762-L12780"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "b66d67b74d73a143cb5301b232abd5f0f84f058223d4494b924a25dffb49037a"
 score = 75
 quality = 90
@@ -46021,8 +46021,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Fc143Ba34Cabf1De7A4C7F8F4Cdad6D : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12782-L12798"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12782-L12798"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "ffe25e4478a2245d4e5b330bb9300fb6cb48afb0fe3bd72bd62a589eeee3fe89"
 score = 75
 quality = 90
@@ -46046,8 +46046,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Ac6268B2E431A2C1369346D175D0E30 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12800-L12816"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12800-L12816"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "27efaba9bd9cd116f640007c1e951bb77757efbe148b5f953e71d6621d7f16b2"
 score = 75
 quality = 90
@@ -46071,8 +46071,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Fc4D9178B8Df2C19E269Ac6F43Dd708 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12818-L12834"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12818-L12834"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "41dfe37b464d337268a8bb0e23124df7b50ab966038e8ad33bda81a4d86040ca"
 score = 75
 quality = 90
@@ -46096,8 +46096,8 @@ rule REVERSINGLABS_Cert_Blocklist_E01407871E2146C9Baab1Ae7Ab8Ab172 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12836-L12854"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12836-L12854"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "1801e7f15bd5f916fc08d263a845d296d334ca9de1040008f619719c1b5c0a3b"
 score = 75
 quality = 90
@@ -46121,8 +46121,8 @@ rule REVERSINGLABS_Cert_Blocklist_Effc6D19D6Fc85872E4E5B3Ccee6D301 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12856-L12874"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12856-L12874"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "a746c4193f1264cb96eae0ea85c2c76b5caf3b72ca950f76af426b4d68d210b3"
 score = 75
 quality = 90
@@ -46146,8 +46146,8 @@ rule REVERSINGLABS_Cert_Blocklist_2F4A25D52B16Eb4C9Dfe71Ebbd8121Bb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12876-L12892" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12876-L12892" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7b237ae0574afeafcc05f71512c09d3170edbee20e512a1b0af5b431923dc25c" score = 75 quality = 90 @@ -46171,8 +46171,8 @@ rule REVERSINGLABS_Cert_Blocklist_6889Aab6202Bcc5F11Caedf4D04F435B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12894-L12910" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12894-L12910" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b2261ed8001929be8f80f73cc0c5076138f4794c73cbffd63773da5fc44639a8" score = 75 quality = 90 
@@ -46196,8 +46196,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Be63083Fbb1787B445Da97583721419 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12912-L12928" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12912-L12928" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f39f5a632544bc01c3b4c9e2f2dd33f7109c44375f54011a34181e10da79debc" score = 75 quality = 90 @@ -46221,8 +46221,8 @@ rule REVERSINGLABS_Cert_Blocklist_6E2D3449272B6B96B8B9F728E87580D5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12930-L12946" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12930-L12946" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0155a8c71bf8426bbb980798772b04c145df5b8c4b60ff1a610a1236a47547ef" score = 75 quality = 90 
@@ -46246,8 +46246,8 @@ rule REVERSINGLABS_Cert_Blocklist_268C0D7028A154Ac3B6349C5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12948-L12964" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12948-L12964" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8311b36f008e31b7ac27b439fa46da4c90ab4be6c7c89426f8e1939963bc3d7d" score = 75 quality = 90 @@ -46271,8 +46271,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Daa8D629Cc0410A9482E62A0F8Bf8Fc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12966-L12982" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12966-L12982" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "cfb2631bc1832f65fb9d77c812bf2a1e05121e825254bd57ae8b21e7b10b2344" score = 75 quality = 90 
@@ -46296,8 +46296,8 @@ rule REVERSINGLABS_Cert_Blocklist_9A727E200Ea76570 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L12984-L13002" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L12984-L13002" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "337dc486f2bdca1f7682887d5e5c0f82961850a8fd9c9a20b9a43a75334070d8" score = 75 quality = 90 @@ -46321,8 +46321,8 @@ rule REVERSINGLABS_Cert_Blocklist_0954A3C876Df9262Cde5817F9870F0C6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13004-L13020" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13004-L13020" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "164b064a9df31d4a122236dfee7b713417a44d47a7f304b2bf55686a7f038feb" score = 75 quality = 90 
@@ -46346,8 +46346,8 @@ rule REVERSINGLABS_Cert_Blocklist_3C30930E53Bb026F9A5D7440155F7118 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13022-L13038" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13022-L13038" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "260a58669043d21ee0ffccbdee95c9d04ef338497685d42f1951660f658a164d" score = 75 quality = 90 @@ -46371,8 +46371,8 @@ rule REVERSINGLABS_Cert_Blocklist_432Eefc0D4Dc0326Eb277A518Cc4310A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13040-L13056" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13040-L13056" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d5a0b7f19f66f18b5ef1c548276b675ead74fed6be94310c303bfad6c85f18be" score = 75 quality = 90 
@@ -46396,8 +46396,8 @@ rule REVERSINGLABS_Cert_Blocklist_470D6Ce21A6940320261F09E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13058-L13074" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13058-L13074" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "cae1d381bf2018a0ce56feb245d01f2bfea55b67894264d32d78dbb41873c792" score = 75 quality = 90 @@ -46421,8 +46421,8 @@ rule REVERSINGLABS_Cert_Blocklist_7E6Bc7E5A49E2C28E6F5D042 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13076-L13092" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13076-L13092" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f378c490ff4f32fc095c822f75abac44a8d94327404cd97546c63e7441e07632" score = 75 quality = 90 
@@ -46446,8 +46446,8 @@ rule REVERSINGLABS_Cert_Blocklist_4C5020899147C850196C4Ebf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13094-L13110" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13094-L13110" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "112e834a24c50d639f8607740faa609f1a36539058357544e5dbcddf841f3116" score = 75 quality = 90 @@ -46471,8 +46471,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Efcf7Adc21F070E590D49Ddb8081397 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13112-L13128" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13112-L13128" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d60a5bbd50484d620ab60cfd40840abc541c2b7bc1005a9076b69ddd1b938652" score = 75 quality = 90 
@@ -46496,8 +46496,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cbd37C0A651913Ee25A6860D7D5Ccdf2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13130-L13148" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13130-L13148" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "77cc439aea6eaa5a835b6b1aa50904c1df0d5379228e424ab2d68a3cb654834c" score = 75 quality = 90 @@ -46521,8 +46521,8 @@ rule REVERSINGLABS_Cert_Blocklist_5Fe0Ad6B03C57Ab67A352159004Ca3Db : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13150-L13166" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13150-L13166" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6f2489421f2effa2089b744f7e137818935fe2339d9216a42686012c51da677b" score = 75 quality = 90 
@@ -46546,8 +46546,8 @@ rule REVERSINGLABS_Cert_Blocklist_642Ad8E5Ef8B3Ac767F0D5C1A999Bdaa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13168-L13184" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13168-L13184" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d42d40ca381b99b68a3384cecf585aab2acca66d4e13503d337b1605d587d0b5" score = 75 quality = 90 @@ -46571,8 +46571,8 @@ rule REVERSINGLABS_Cert_Blocklist_5333D3079D8Afda715703775E1389991 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13186-L13202" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13186-L13202" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "98bd9d35c4e196a11943826115ab495833f7ef1d95f9736cc24255d6dd4fd21c" score = 75 quality = 90 
@@ -46596,8 +46596,8 @@ rule REVERSINGLABS_Cert_Blocklist_139A7Ee1F1A7735C151089755Df5D373 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13204-L13220" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13204-L13220" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "86072fef7d1488dc257c3ca8fbb99620ec06f8ecb671b4e20d09d0ce6cc8601d" score = 75 quality = 90 @@ -46621,8 +46621,8 @@ rule REVERSINGLABS_Cert_Blocklist_74Dbe83082E1B3Dfa29F9C24 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13222-L13238" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13222-L13238" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1fdf6471d0b869df1a8630108cdaf1cc97d33e91d4726073913cdc54c7cf0042" score = 75 quality = 90 
@@ -46646,8 +46646,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A466553A6391Aafd181B400266C7B18 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13240-L13256" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13240-L13256" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "cb21e5759887904d6a38cd1b363610ebc0bfd9a357050c602210468992815cbe" score = 75 quality = 90 @@ -46671,8 +46671,8 @@ rule REVERSINGLABS_Cert_Blocklist_0D3Dec8794Fa7228D1Ee40Eeb8187149 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13258-L13274" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13258-L13274" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "20084dc0b069d65755f859f5aef4be5599d1f066ba006199d3ce803b0d8f041e" score = 75 quality = 90 
@@ -46696,8 +46696,8 @@ rule REVERSINGLABS_Cert_Blocklist_24Af70B5D17A63Ad053E5821 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13276-L13292" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13276-L13292" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d78f709067c83169484d9dd6e1dd8a88852362da028551d4e55e5703a22e04a7" score = 75 quality = 90 @@ -46721,8 +46721,8 @@ rule REVERSINGLABS_Cert_Blocklist_402E9Fcba61E5Eaf9C0C7B3Bfd6259D9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13294-L13310" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13294-L13310" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1bfc2610745a98ebcf0f77504815d9d1c448697fbe407d6c2e075219b401de50" score = 75 quality = 90 
@@ -46746,8 +46746,8 @@ rule REVERSINGLABS_Cert_Blocklist_2C84F9136059E96134F8766670Eacd52 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13312-L13328" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13312-L13328" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d6778630dcc3e4fe2816e6dee1b823e616f53de8a924057495c7c252948a71b4" score = 75 quality = 90 @@ -46771,8 +46771,8 @@ rule REVERSINGLABS_Cert_Blocklist_6716A9C195987D5Cfe53A094779461E7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13330-L13346" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13330-L13346" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "648fd70432a791b3e589f5eda1b1510045b465623914a9762ff3dfb4a3e022f8" score = 75 quality = 90 
@@ -46796,8 +46796,8 @@ rule REVERSINGLABS_Cert_Blocklist_876C00Bd665Df98B35554F67A5C1C32A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13348-L13366" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13348-L13366" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "90bde1313db78d4166e8c87e7e4111c576880922b1c983f3a842ea030d38a0da" score = 75 quality = 90 @@ -46821,8 +46821,8 @@ rule REVERSINGLABS_Cert_Blocklist_4B093Cb60D4B992266F550934A4Ac7D0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13368-L13384" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13368-L13384" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4b634bc706638d72f2d036d41cf092cac538e930d7d407eebc225b482fd64f51" score = 75 quality = 90 
@@ -46846,8 +46846,8 @@ rule REVERSINGLABS_Cert_Blocklist_2050B54146B011Ed30F60F61 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13386-L13402" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13386-L13402" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "74749317fcefcdb698046a6f42c6c6e05cc1eab1370b3b1fd7d025f49de4a032" score = 75 quality = 90 @@ -46871,8 +46871,8 @@ rule REVERSINGLABS_Cert_Blocklist_73E2F34C9C2435F29Bbe0A3C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13404-L13420" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13404-L13420" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "503429e737e8bdad735cf88e2bb2877d1f52b2c38be101a7a129c02db608a347" score = 75 quality = 90 
@@ -46896,8 +46896,8 @@ rule REVERSINGLABS_Cert_Blocklist_68C457D7495D2A8D0D7B9042836135C2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13422-L13438" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13422-L13438" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3eb63f75f258eec611fa4288302f0ce5e47149ca876265a4a4b65dc33313aaa6" score = 75 quality = 90 @@ -46921,8 +46921,8 @@ rule REVERSINGLABS_Cert_Blocklist_6B72Ca367D40Fbef16E73E6Eba6A9A59 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13440-L13456" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13440-L13456" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2b20c16dafcd891c36b28b36093cd3ad3a15f3795f0f2adda61fb0db2835d02d" score = 75 quality = 90 
@@ -46946,8 +46946,8 @@ rule REVERSINGLABS_Cert_Blocklist_736B7663D322533413F36E3E7E55F920 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13458-L13474" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13458-L13474" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "44e86319106a4bf8edba6c1be2f90d68b3d1ef4591f0cc23921a0dc4da4a407b" score = 75 quality = 90 @@ -46971,8 +46971,8 @@ rule REVERSINGLABS_Cert_Blocklist_54A170102461Fdc967Acfafe4Bbbc7F0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13476-L13492" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13476-L13492" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ddae18d566fa2fd077f51d0afff74fb8a8e525f88f23908c7402a4b2c092ad24" score = 75 quality = 90 
@@ -46996,8 +46996,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C501B8B113209C96C8119Cf7A6B8B79 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13494-L13510" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13494-L13510" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "dca37fda83650979566fb6ffbedaf713955a3c7f03ecc62e2e155475b7ca00e4" score = 75 quality = 90 @@ -47021,8 +47021,8 @@ rule REVERSINGLABS_Cert_Blocklist_0300Ee4A4C52443147821A8186D04309 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13512-L13528" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13512-L13528" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8476ece98427c1ffd99d820c25fe664397de2c393473f7d5ee0846d8d840fd9e" score = 75 quality = 90 
@@ -47046,8 +47046,8 @@ rule REVERSINGLABS_Cert_Blocklist_202Cf8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13530-L13546" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13530-L13546" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "671a4b522761fdff75d1c0c608e8cfb21c7ab538c8c30c8620315bc58ed358e6" score = 75 quality = 90 @@ -47071,8 +47071,8 @@ rule REVERSINGLABS_Cert_Blocklist_6651Cc8B4850D4Dec61961503Ea7956B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13548-L13564" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13548-L13564" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "29bfe9c8b340b55a9daa2644e8d55b2b783cc95c85541732e6e0decca8c10ff6" score = 75 quality = 90 
@@ -47096,8 +47096,8 @@ rule REVERSINGLABS_Cert_Blocklist_25Bef28467E4750331D2F403458113B8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13566-L13582" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13566-L13582" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "dc59fdecf60f3781e92cfe8469be2e0c1cb1cfdd3e9f9757d159667437cb37f5" score = 75 quality = 90 @@ -47121,8 +47121,8 @@ rule REVERSINGLABS_Cert_Blocklist_0296Cf3314F434C5B74D0C3E36616Dd1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13584-L13600" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13584-L13600" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "acf3b7460c79fa71c1b131b26a40bbc286c9da0a5fe7071bbe8b386a3ca91de4" score = 75 quality = 90 
@@ -47146,8 +47146,8 @@ rule REVERSINGLABS_Cert_Blocklist_045D57D63E13775C8F812E1864797F5A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13602-L13618" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13602-L13618" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d3e61e9a43f5b17ebb08b71dc39648d1f20273a18214f39605f365f9f0f72c10" score = 75 quality = 90 @@ -47171,8 +47171,8 @@ rule REVERSINGLABS_Cert_Blocklist_6D633Df9Bb6015Fc3Ecea99Dff309Ee7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13620-L13636" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13620-L13636" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "84e2f427ee79b47db8d0e5f1e2217a7e1c1ea64047e01b4ea6db69f529501f36" score = 75 quality = 90 
@@ -47196,8 +47196,8 @@ rule REVERSINGLABS_Cert_Blocklist_22E2A66E63B8Cb4Ec6989Bf7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13638-L13654" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13638-L13654" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2099c508d1fd986f34f14aa396a5aaa136e2cdd2226099acdca9c14f6f6342eb" score = 75 quality = 90 @@ -47221,8 +47221,8 @@ rule REVERSINGLABS_Cert_Blocklist_654B406De388Ec2Aec253Ff2Ba4C4Bbd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13656-L13672" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13656-L13672" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a1aadaded55c8b0d85ac09ba9ab27fefaeec2969cdabaf26ff0c41bf33422ddc" score = 75 quality = 90 
@@ -47246,8 +47246,8 @@ rule REVERSINGLABS_Cert_Blocklist_78D1817Ebcf338B4E9C810F9740A726B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13674-L13690" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13674-L13690" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "62e59130ef0ac35b17a265bb8bc2031cac6a75c11925ccb21eb4601b8fbe1a63" score = 75 quality = 90 @@ -47271,8 +47271,8 @@ rule REVERSINGLABS_Cert_Blocklist_45Fbcdb1Fbd3D702Fb77257B45D8C58E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13692-L13708" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13692-L13708" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "441e10f49515d75ee9e8983ba4321377fee13a91ca5eeddc08b393136ce8ccfd" score = 75 quality = 90 
@@ -47296,8 +47296,8 @@ rule REVERSINGLABS_Cert_Blocklist_4B5D8Ed5Ca011679F141F124 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13710-L13726" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13710-L13726" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "39ff0d5fd711524ce181596033d1d51579cd086eb20b87722aebf39623bbaa17" score = 75 quality = 90 @@ -47321,8 +47321,8 @@ rule REVERSINGLABS_Cert_Blocklist_33671F1Bcbd0F5E231Fc386F4895000E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13728-L13744" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13728-L13744" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "9199c8d76e3390ec9038808b4e88b803b3f3d6966af6206d0c9968d9ab673f31" score = 75 quality = 90 
@@ -47346,8 +47346,8 @@ rule REVERSINGLABS_Cert_Blocklist_32Bc299F0694C19Ec21E71265B1D7E17 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13746-L13762" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13746-L13762" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "cb522e3084d382c451a8b040095e75582675f90dbb588e370f2f0054f4c2d14b" score = 75 quality = 90 @@ -47371,8 +47371,8 @@ rule REVERSINGLABS_Cert_Blocklist_7B75C6B0A09Afdb9787F6Dff75Ae7844 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13764-L13780" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13764-L13780" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8fd125a526b3433fbb8a5c6fa74ce0b0e2de8ff789880c355625d4140cd902a2" score = 75 quality = 90 
@@ -47396,8 +47396,8 @@ rule REVERSINGLABS_Cert_Blocklist_167Fd1295B3Bb102Dbb37292C838E7Cd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13782-L13798" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13782-L13798" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1cc7d441291fd9c4dc37320d411f94fb362523d47d37ab35c20b3ac9d4cd75cb" score = 75 quality = 90 @@ -47421,8 +47421,8 @@ rule REVERSINGLABS_Cert_Blocklist_253Ad25E39Abe8F8Fda9Fcf6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13800-L13816" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13800-L13816" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1d46ccaa136cd7be30ffbf0eb09eb6485c543ff4bdbe99fa7ea3846841cbd41b" score = 75 quality = 90 
@@ -47446,8 +47446,8 @@ rule REVERSINGLABS_Cert_Blocklist_A9C1523Cb2C73A82771D318124963E87 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13818-L13836" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13818-L13836" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "87e314d14361f56935b7a8fb93468cfaf2c73e16c25d68a61ec80ad9334d3115" score = 75 quality = 90 @@ -47471,8 +47471,8 @@ rule REVERSINGLABS_Cert_Blocklist_68E1B2C210B19Bb1F2A24176709B165B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13838-L13854" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13838-L13854" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8e88ad992c58d37ff1ac34e2d9cf121f3bc692ae78c0ad79140974abdec2f317" score = 75 quality = 90 
@@ -47496,8 +47496,8 @@ rule REVERSINGLABS_Cert_Blocklist_5C88313Bd98Bde99C9B9Ac1408A63249 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13856-L13872" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13856-L13872" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f958e46e00bf4ab8ecf071502bcda63a84265029bc9c72cea1eaaf72e9003a84" score = 75 quality = 90 @@ -47521,8 +47521,8 @@ rule REVERSINGLABS_Cert_Blocklist_7A632A6Ecfc6C49Ec1F42F76 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13874-L13890" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13874-L13890" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "038badeab61c00476b79684308bf91f8a63716641f2be16fe0a3b25ebd3a9a1e" score = 75 quality = 90 
@@ -47546,8 +47546,8 @@ rule REVERSINGLABS_Cert_Blocklist_F57Df6A6Eee3854D513D0Ba8585049B7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13892-L13910" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13892-L13910" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "09d5998960fb65eda56cd698c5ff50d87ba7a811cbb128bc7485c0f124e14cba" score = 75 quality = 90 @@ -47571,8 +47571,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Ac5Ac5D323122E6D8E92D6E191B1432 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13912-L13928" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13912-L13928" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d5e62d3cdfacfaea70f9ee11230501bb9c4099508077d50a2a143cb69476f02a" score = 75 quality = 90 
@@ -47596,8 +47596,8 @@ rule REVERSINGLABS_Cert_Blocklist_2433D9Df7Efbccb870Ee5904D62A0101 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13930-L13946" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13930-L13946" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "92a2effe1b94345f52130e4cb1db181f1990e58eaefb9c74375c14249cc1be22" score = 75 quality = 90 @@ -47621,8 +47621,8 @@ rule REVERSINGLABS_Cert_Blocklist_462Baada57570F70Df76D10B9E7Bf2B7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13948-L13964" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13948-L13964" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c48207907339ce3fb7b6bc630097761a24495a9d4e69d421f2bdb36ddc92abcb" score = 75 quality = 90 
@@ -47646,8 +47646,8 @@ rule REVERSINGLABS_Cert_Blocklist_83320D93Dd8Cf16D11F99B1078B0A7Cb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13966-L13984" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13966-L13984" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "94ec5e05357767cc0c4cd1fc8ff6d1a366359ba699c43f3710204d761e7e707f" score = 75 quality = 90 @@ -47671,8 +47671,8 @@ rule REVERSINGLABS_Cert_Blocklist_10Bae1D20Cb4Cc36A0Ffac86 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L13986-L14002" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L13986-L14002" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "44e91fbf4da8e81859a21408ee9f1971f1e8f48d22553fcaa6469156d4a0670b" score = 75 quality = 90 
@@ -47696,8 +47696,8 @@ rule REVERSINGLABS_Cert_Blocklist_230716Bfe915Dd6203B2E2A35674C2Ee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14004-L14020" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14004-L14020" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0197ff46ceb1017488da4383436fd0ddc375904f36cc16c5a8ef21d633ec387c" score = 75 quality = 90 @@ -47721,8 +47721,8 @@ rule REVERSINGLABS_Cert_Blocklist_36A77D37E68E02Fd3D043C7197E044Ca : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14022-L14038" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14022-L14038" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "fc13ac5880cc2c8eac9ff8d09f6c5c2055b2de54d460a284936a4f6cd78192e8" score = 75 quality = 90 
@@ -47746,8 +47746,8 @@ rule REVERSINGLABS_Cert_Blocklist_73Bff2Fb714F986C1707165F0B0F2E0E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14040-L14056" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14040-L14056" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d79ab926cbc0049d39f5f4c6e57afc71b1a30311a4816fdb66a9c2e257cc84af" score = 75 quality = 90 @@ -47771,8 +47771,8 @@ rule REVERSINGLABS_Cert_Blocklist_33B24170694Ca0Cf4D2Bdf4Aadf475A3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14058-L14074" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14058-L14074" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "795bcb46b41ded084e4d12d98e335748ec1db3e0abbbb2d933e819d955075138" score = 75 quality = 90 
@@ -47796,8 +47796,8 @@ rule REVERSINGLABS_Cert_Blocklist_3A9Bdec10E00E780316Baaebfe7A772C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14076-L14092" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14076-L14092" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ea9bc11efd2969f6b7112338f2b084ea3551e072e46b1162bd47b08be549cdd4" score = 75 quality = 90 @@ -47821,8 +47821,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Cad9C37F7Affa8F4D8229F97607E265 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14094-L14110" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14094-L14110" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0f88989c64bece23e7eccf8022e038fdd9c360766de71268cf71616f74adc56c" score = 75 quality = 90 
@@ -47846,8 +47846,8 @@ rule REVERSINGLABS_Cert_Blocklist_098A57 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14112-L14128" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14112-L14128" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "5e203f87dd4608ba5d583e02ce86fbe230e45fff86a7a697766e149d0cf6f436" score = 75 quality = 90 @@ -47871,8 +47871,8 @@ rule REVERSINGLABS_Cert_Blocklist_5389Cc6286Da3Bfa1Dc4Df498Bf68361 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14130-L14146" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14130-L14146" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d25d998c980f47f4da065155451503dcbc677ad041af85a6ed7060ecadec66b3" score = 75 quality = 90 
@@ -47896,8 +47896,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ed9Caeb7911B31Bd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14148-L14166" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14148-L14166" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "02cfdf883212387a465af3e692b29b8d0eb8249e0a260f18bec2f662d775b606" score = 75 quality = 90 @@ -47921,8 +47921,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Fd2B19A941B7009Cc728A37Cb1B10B9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14168-L14184" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14168-L14184" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6b5cc47f4df9e57c59bc66c32188e02390d4855a1b9e56bd7471fd641a245c3c" score = 75 quality = 90 
@@ -47946,8 +47946,8 @@ rule REVERSINGLABS_Cert_Blocklist_2D88C0Af1Fe2609961C171213C03Bd23 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14186-L14202" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14186-L14202" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2d181b9b517732f14d196c1a6c5661d8de4dbbfe6f120954dd3f9dcad00ff0fe" score = 75 quality = 90 @@ -47971,8 +47971,8 @@ rule REVERSINGLABS_Cert_Blocklist_6E7Cc176062D91225Cfdcbdf5B5F0Ea5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14204-L14220" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14204-L14220" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1d2ffa7ec3559061432c2aff23f568cb580fb9093d0af7d8a6a0b91add89c9cc" score = 75 quality = 90 
@@ -47996,8 +47996,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cecedd2Efc985C2Dbf0019669D270079 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14222-L14240" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14222-L14240" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1dfb5959db6929643126a850de84e54a84d7197518cde475c802987721b71020" score = 75 quality = 90 @@ -48021,8 +48021,8 @@ rule REVERSINGLABS_Cert_Blocklist_61Fe6F00Bd79684210534050Ff46Bc92 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14242-L14258" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14242-L14258" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e8ebc5de081e2d1e653493a2d85699ebfb5227b7fab656468025c2043903f597" score = 75 quality = 90 
@@ -48046,8 +48046,8 @@ rule REVERSINGLABS_Cert_Blocklist_0323Cc4E38735B0E6Efba76Ea25C73B7 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14260-L14276"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14260-L14276"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "48bda7f61c9705ae70add3940f10d65fc7f7a776cec91a244f0e5bde07303831"
 score = 75
 quality = 90
@@ -48071,8 +48071,8 @@ rule REVERSINGLABS_Cert_Blocklist_1F9Aca069Ac1B6Bfb0E14861Ec857Bf6 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14278-L14294"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14278-L14294"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "d7c9a471455768a00deeb73900bf80a98f0b2c9da1fd09d568e2998deaf404d2"
 score = 75
 quality = 90
@@ -48096,8 +48096,8 @@ rule REVERSINGLABS_Cert_Blocklist_3E9D26Dcf703Ca3B140D7E7Ad48312E2 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14296-L14312"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14296-L14312"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "d8f70ba61509f3df34705bea0bfcb4cce3e92a33f0f1b65315d886eb5592f152"
 score = 75
 quality = 90
@@ -48121,8 +48121,8 @@ rule REVERSINGLABS_Cert_Blocklist_4E2523E76Ea455941E75Fb8240474A75 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14314-L14330"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14314-L14330"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "e89f722345fda82fd894d34169d1463997ae1d567d46badbf3138faa04cf8fa4"
 score = 75
 quality = 90
@@ -48146,8 +48146,8 @@ rule REVERSINGLABS_Cert_Blocklist_6102468293Ba7308D17Efb43Ad6Bfb58 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14332-L14348"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14332-L14348"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "c1ae1562595ac6515a071a16195b46db6fad4ee0fe9757d366ee78b914e1de7f"
 score = 75
 quality = 90
@@ -48171,8 +48171,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Ded1A7Ff6Da152A98A57A2F : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14350-L14366"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14350-L14366"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "20ec1e8e0570eb216304fd8453df315a26d9c170224177c325c10cbefc1993fb"
 score = 75
 quality = 90
@@ -48196,8 +48196,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Ce65Ea057B975D2C17Eaf2C2297B1Eb : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14368-L14384"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14368-L14384"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "e17988cb2503e285cfe2ea74d7bc61c577d828e14fd5d8d8062e469dc75c449e"
 score = 75
 quality = 90
@@ -48221,8 +48221,8 @@ rule REVERSINGLABS_Cert_Blocklist_5D085A9A288549D09Edc4941 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14386-L14402"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14386-L14402"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "dff7c2d727acca753b030d05028590e1a5577121bb2b4c0dcfcb70b4c9d77cbf"
 score = 75
 quality = 90
@@ -48246,8 +48246,8 @@ rule REVERSINGLABS_Cert_Blocklist_7D20Dec3797A1Ac30649Ebb184265B79 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14404-L14420"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14404-L14420"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "78c0575a1c9ecf37ef5bac0612c20f96b8641875b0ba786979adc8a77f001a5e"
 score = 75
 quality = 90
@@ -48271,8 +48271,8 @@ rule REVERSINGLABS_Cert_Blocklist_187D92861076E469B5B7A19E2A9Fd4Ba : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14422-L14438"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14422-L14438"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "7383a7fb31a0a913dff1740015ff702642fbb41d8e5a528a8684c80e66026e9d"
 score = 75
 quality = 90
@@ -48296,8 +48296,8 @@ rule REVERSINGLABS_Cert_Blocklist_199A9476Feca3C004Ff889D34545De07 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14440-L14456"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14440-L14456"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "39c6efefcbd78d5e08ffd8d3989cab3bdf273a1847b2a961f9e68c9ee95e85b6"
 score = 75
 quality = 90
@@ -48321,8 +48321,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Efe65 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14458-L14474"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14458-L14474"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "f849b6899b6766807cfddf99ecb809fe923f35f04de09b62235da352ce6e6e24"
 score = 75
 quality = 90
@@ -48346,8 +48346,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Af7E2B6A3Deb99291Dcaf66 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14476-L14492"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14476-L14492"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "270b5655a0f54abceb520eaca714ed4f6d4de720883e2759acd5bb2f027dfd2b"
 score = 75
 quality = 90
@@ -48371,8 +48371,8 @@ rule REVERSINGLABS_Cert_Blocklist_45E27C4Dfa5E6175566A13B1B6Ddf3F5 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14494-L14510"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14494-L14510"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "9bcbb84207984b259463482f094bf0f3815f0d74317b6b864dab44769ff5e7e8"
 score = 75
 quality = 90
@@ -48396,8 +48396,8 @@ rule REVERSINGLABS_Cert_Blocklist_37D36A4E61C0Ac68Ceb8Bfcef2Dbf283 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14512-L14528"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14512-L14528"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "41e126600aae5646b808ed0a4294faa9a63e47842e9cde4fee9e5e65919af7ee"
 score = 75
 quality = 90
@@ -48421,8 +48421,8 @@ rule REVERSINGLABS_Cert_Blocklist_4321De10738278B93683Ca542407F103 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14530-L14546"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14530-L14546"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "2787375605310877891ef924268f4660d1c8aa020e00674c1b1d7eb3c4f5b2fb"
 score = 75
 quality = 90
@@ -48446,8 +48446,8 @@ rule REVERSINGLABS_Cert_Blocklist_2A6B2Df210Be14F4E18E10C7 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14548-L14564"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14548-L14564"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "24ae1664c35b7947e2e638bf620d9ab572c70df9cdc1403cc00b422a45ff9194"
 score = 75
 quality = 90
@@ -48471,8 +48471,8 @@ rule REVERSINGLABS_Cert_Blocklist_412Ab2A50E8028Ddcbc499Ddf45F2045 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14566-L14582"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14566-L14582"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "a5b85d13dee51d68af28394ecee3dcc2efe7add4d26c2a8033d1855b33ac6271"
 score = 75
 quality = 90
@@ -48496,8 +48496,8 @@ rule REVERSINGLABS_Cert_Blocklist_0747F6A8C3542F954B113Fd98C7607Cf : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14584-L14600"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14584-L14600"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "9d5e5c98f3ef372532cfc4f544d5d3f620dc2e49d8b6e1c96df29d2a38042019"
 score = 75
 quality = 90
@@ -48521,8 +48521,8 @@ rule REVERSINGLABS_Cert_Blocklist_2572B484Fa0A61Be7288D785D7Bda7D3 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14602-L14618"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14602-L14618"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "d6b23ba706a640a1e76ad7ab0a70c845c9366ac8355eea5439f76f6993c9c6be"
 score = 75
 quality = 90
@@ -48546,8 +48546,8 @@ rule REVERSINGLABS_Cert_Blocklist_6726Bd04204746C46857887F : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14620-L14636"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14620-L14636"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "11d25dff7e05e6f97725e919cc6c978d7f2e64a91cf04b72461c71d592dfc2dc"
 score = 75
 quality = 90
@@ -48571,8 +48571,8 @@ rule REVERSINGLABS_Cert_Blocklist_4463D8B31E0F87C14233D4D0D2C487A0 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14638-L14654"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14638-L14654"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "04ce664fceb4a617294e860d5364d8a4ce8e055fd2baebb8be69f258d9c70ac7"
 score = 75
 quality = 90
@@ -48596,8 +48596,8 @@ rule REVERSINGLABS_Cert_Blocklist_387982605E542D6D52F231Ca6F5657Cc : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14656-L14672"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14656-L14672"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "d55cfd45bc0d330c0ed433a882874e4633ffbaa0d68288bea9058fe269d75ed9"
 score = 75
 quality = 90
@@ -48621,8 +48621,8 @@ rule REVERSINGLABS_Cert_Blocklist_E0134C41E7Eda6863C4Eee5B003976Dd : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14674-L14692"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14674-L14692"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "fbe34baf52e3fa7d7cdfcfaef9b8851c4cbeb46d17eeade61750e59cf0c13291"
 score = 75
 quality = 90
@@ -48646,8 +48646,8 @@ rule REVERSINGLABS_Cert_Blocklist_5B47A4739Dd8Ffe81D9B5307 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14694-L14710"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14694-L14710"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "5f35f520d4af26fa648553894a5b0db043d0c32302d94f531b6cb48691396a92"
 score = 75
 quality = 90
@@ -48671,8 +48671,8 @@ rule REVERSINGLABS_Cert_Blocklist_4F5A9Bf75Da76B949645475473793A7D : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14712-L14728"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14712-L14728"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "8c58d30b1b6ef80409d9da5f5f4bc26a8818b01cc388b5966c8b68ed0e4c5a2a"
 score = 75
 quality = 90
@@ -48696,8 +48696,8 @@ rule REVERSINGLABS_Cert_Blocklist_081Df56C9A48D02571F08907 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14730-L14746"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14730-L14746"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "25d91f09e0731ab09a05855442b72589eb30e1c7d5e4c0a7af760eea540d786f"
 score = 75
 quality = 90
@@ -48721,8 +48721,8 @@ rule REVERSINGLABS_Cert_Blocklist_77D5C1A3E623575999C74409Dc19753C : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14748-L14764"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14748-L14764"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "54921ce39a0876511b33ac6fa088c3342e2ea7fa037423fe72825bfe9c83bce6"
 score = 75
 quality = 90
@@ -48746,8 +48746,8 @@ rule REVERSINGLABS_Cert_Blocklist_E9756B3F38B1172Ea89Fdbdfdba5F979 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14766-L14784"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14766-L14784"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "997a9433f907896d82f22ae323bf9cfe9aa04a2a49c5505e98adbb34277fcc15"
 score = 75
 quality = 90
@@ -48771,8 +48771,8 @@ rule REVERSINGLABS_Cert_Blocklist_09Fb28 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14786-L14802"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14786-L14802"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "5ed65d33b73977e869460ba51271aff94811fa2f41e4a2993c47233add2f38dd"
 score = 75
 quality = 90
@@ -48796,8 +48796,8 @@ rule REVERSINGLABS_Cert_Blocklist_197Dc32D915458953562D2Fe78Bf2468 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14804-L14820"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14804-L14820"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "e61284a74765592fe97b90ca1c260efa46ea31286e6d09ab32d6c664b8271f2a"
 score = 75
 quality = 90
@@ -48821,8 +48821,8 @@ rule REVERSINGLABS_Cert_Blocklist_7C0Be3D14787351E3156F5F37F2B3663 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14822-L14838"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14822-L14838"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "66c2cd84fccedd2afef00495c49d0c2844e2e5e190e6a859d2970e8ddb4a35c2"
 score = 75
 quality = 90
@@ -48846,8 +48846,8 @@ rule REVERSINGLABS_Cert_Blocklist_05054Fdea356F3Dd7Db479Fa : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14840-L14856"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14840-L14856"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "02ec52e060a6b8b3edfad0a1f5b1f2d6c409645d5233612d0d353ad74bcd4568"
 score = 75
 quality = 90
@@ -48871,8 +48871,8 @@ rule REVERSINGLABS_Cert_Blocklist_08Aaa069E92517F21Ce67Ca713F6Ea63 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14858-L14874"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14858-L14874"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "28ad7e9c75a701425003cde4a7eb10fa471394628cd5004412778d8d7cddb50b"
 score = 75
 quality = 90
@@ -48896,8 +48896,8 @@ rule REVERSINGLABS_Cert_Blocklist_1B7B54E0Dd4D7E45A0B46834De52658D : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14876-L14892"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14876-L14892"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "5febbce8c39440bfc4846f509f0b1dd4f71a8b4dc24fa18afb561d26e53c2446"
 score = 75
 quality = 90
@@ -48921,8 +48921,8 @@ rule REVERSINGLABS_Cert_Blocklist_B63E4299D0B0E2Dcdaeb976167A23235 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14894-L14912"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14894-L14912"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "da7415d0bc0245dea6a4ec325da5140c79c723c20fb7c04ff14f59a3089a5c88"
 score = 75
 quality = 90
@@ -48946,8 +48946,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Dabae616705F5A51152Eac48423F354 : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14914-L14930"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14914-L14930"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "0bb14ececa3a78e1a2e71cfdee8bc57678251b15151d156ef5fa754b2438ee35"
 score = 75
 quality = 90
@@ -48971,8 +48971,8 @@ rule REVERSINGLABS_Cert_Blocklist_50D08F3C9Bf86Fba52Cf592B4Fe6Eacf : INFO FILE
 date = "2023-11-08"
 modified = "2023-11-08"
 reference = "ReversingLabs"
- source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14932-L14948"
- license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE"
+ source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14932-L14948"
+ license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE"
 logic_hash = "ca613e4b45b9bb1ef7564b9fc6321bccc0f683298de692a3db2bf841db9010ef"
 score = 75
 quality = 90
@@ -48996,8 +48996,8 @@ rule REVERSINGLABS_Cert_Blocklist_7C7Fc3616F3157A28F702Cc1Df275Dcd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14950-L14966" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14950-L14966" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c2dcea21c7a3e3aef6408f11c23edbce6d8f655f298654552a607a9b0caabb28" score = 75 quality = 90 @@ -49021,8 +49021,8 @@ rule REVERSINGLABS_Cert_Blocklist_73Ed1B2F4Bf8Dd37A8Ad9Bb775774592 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14968-L14984" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14968-L14984" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "69865935e07ea255a5d690e170911b33574ea61550b00bebc2ceff91ba9a33da" score = 75 quality = 90 
@@ -49046,8 +49046,8 @@ rule REVERSINGLABS_Cert_Blocklist_211B5Dfe65Bc6F34Bc9D3A54 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L14986-L15002" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L14986-L15002" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "cf2e4c0dd98efb77c28b63641196c83e60afc0d6ab64802743c351581506dbb5" score = 75 quality = 90 @@ -49071,8 +49071,8 @@ rule REVERSINGLABS_Cert_Blocklist_5400D1C1406528B1Ef625976 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15004-L15020" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15004-L15020" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "fbdd37e050d68c4287e897f050a673aea071df105a35b07475d3233da3f03feb" score = 75 quality = 90 
@@ -49096,8 +49096,8 @@ rule REVERSINGLABS_Cert_Blocklist_013472D7D665557Bfa0Dc21B350A361B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15022-L15038" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15022-L15038" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ab908ef0fca56753bcba8bc85e2fdf5859b4e226c179ec5c6eb6eb3dc4014a8e" score = 75 quality = 90 @@ -49121,8 +49121,8 @@ rule REVERSINGLABS_Cert_Blocklist_66C758A22Bfbbce327616815616Ddd07 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15040-L15056" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15040-L15056" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "37f0f64e2d84ef6591e1f07a05abca35b37827d26c828269fb5f38d8546a60a7" score = 75 quality = 90 
@@ -49146,8 +49146,8 @@ rule REVERSINGLABS_Cert_Blocklist_E61B0366D940896430Bcfe3E93Baac5B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15058-L15076" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15058-L15076" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1b1fd0c2237446ab22c7359d1e89d822a4b9b6ad345447740154d7d52635c2ea" score = 75 quality = 90 @@ -49171,8 +49171,8 @@ rule REVERSINGLABS_Cert_Blocklist_6294B8Acc35Dea7D32A95Ac5D4536F8F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15078-L15094" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15078-L15094" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ac92ff8e533121071a620ca5280ae66629576f9c4af9831ddac5bb487e4348af" score = 75 quality = 90 
@@ -49196,8 +49196,8 @@ rule REVERSINGLABS_Cert_Blocklist_485E4626C32493C16283Cfd9E30D17Ad : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15096-L15112" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15096-L15112" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "faf860786e8473493d24abf6e61cf0b906e98d786516be6d2098181368214020" score = 75 quality = 90 @@ -49221,8 +49221,8 @@ rule REVERSINGLABS_Cert_Blocklist_D0312F9177Cd46B943Df3Ef22Db4608B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15114-L15132" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15114-L15132" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2eb955e91c927980cee031c6284e48bad315e891c32cdaf41b844090e841c44d" score = 75 quality = 90 
@@ -49246,8 +49246,8 @@ rule REVERSINGLABS_Cert_Blocklist_202702 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15134-L15150" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15134-L15150" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "bc097e97c1c4c4a71cbf66be811636fecfa23682cb2cc47ab1fcd680a646fb14" score = 75 quality = 90 @@ -49271,8 +49271,8 @@ rule REVERSINGLABS_Cert_Blocklist_369A02E5D90B2649040E7F87 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15152-L15168" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15152-L15168" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e2a2e231914f166410580a42ca9d4aac18c5cba94d1f11d22e7acd6d375851d8" score = 75 quality = 90 
@@ -49296,8 +49296,8 @@ rule REVERSINGLABS_Cert_Blocklist_60497070Ff4A83Bc87Bdea24Da5B431D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15170-L15186" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15170-L15186" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "30998e3f5299a37cdee83b1232249b84dbb3c154ef99237da5ce1b16f9db5da3" score = 75 quality = 90 @@ -49321,8 +49321,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A333E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15188-L15204" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15188-L15204" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f76d21e0ae2cf9b28825c813fc509d533c10aba38f8f0c2884365047c1272c1f" score = 75 quality = 90 
@@ -49346,8 +49346,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Cb6519B2528D006D1Da987153Dad2B3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15206-L15222" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15206-L15222" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "776402fc3a7de4843373bc1981f965fe9c2a9f1fe2374b142a96952fd05a591b" score = 75 quality = 90 @@ -49371,8 +49371,8 @@ rule REVERSINGLABS_Cert_Blocklist_621E696C3A6371E77A678Cbf0Ee34Ab2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15224-L15240" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15224-L15240" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "67c9fd92681d6dd1172509113e167e74e07f1f86fd62456758b3e3930180b528" score = 75 quality = 90 
@@ -49396,8 +49396,8 @@ rule REVERSINGLABS_Cert_Blocklist_21B991 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15242-L15258" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15242-L15258" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "54ca9b19adfc9357a3fb74f0670ad929319c4d06a7de7ae400f8285a31052276" score = 75 quality = 90 @@ -49421,8 +49421,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Cc37De5Dbed097F98F56Dbc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15260-L15276" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15260-L15276" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a2d04275b9fe37308c8f1dca75f4cc3c4a8985930f901e1f46e3ddc2977eea32" score = 75 quality = 90 
@@ -49446,8 +49446,8 @@ rule REVERSINGLABS_Cert_Blocklist_50F66Ab0D7Ed19B69D48F635E69572Fa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15278-L15294" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15278-L15294" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "28f71c0572e769d4a0cb289071912bc79cddfd98a3a8161c5400c7bee7090bf5" score = 75 quality = 90 @@ -49471,8 +49471,8 @@ rule REVERSINGLABS_Cert_Blocklist_11212F502836A784752160351Defb136Cf09 : INFO FI date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15296-L15312" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15296-L15312" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "63d4c1aaafdf6de14d0ae78035644cf6b0fefab8b0063d2566ca38af9f9498d2" score = 75 quality = 90 
@@ -49496,8 +49496,8 @@ rule REVERSINGLABS_Cert_Blocklist_2C16Be9A7Ce2A23Ab7A4B4Eb7Da3400C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15314-L15330" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15314-L15330" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "917f324cbe91718efc9b2f41ef947fa8f1a501dde319936774d702d57b1e6b37" score = 75 quality = 90 @@ -49521,8 +49521,8 @@ rule REVERSINGLABS_Cert_Blocklist_22Accad235Fb1Ac7422Ebe5Ea7Ac9Bc5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15332-L15348" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15332-L15348" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b348c502aeae036f6d17283260ed4479427f89c8c25f2b6d59e137e90694dbe4" score = 75 quality = 90 
@@ -49546,8 +49546,8 @@ rule REVERSINGLABS_Cert_Blocklist_4D29757C4Fbfc32B97091D96E3723002 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15350-L15366" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15350-L15366" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "78ede4b02cb1b07500cd0c4f1f33da598938940d0f58430edda00d79b19b16a5" score = 75 quality = 90 @@ -49571,8 +49571,8 @@ rule REVERSINGLABS_Cert_Blocklist_3A949Ef03D9Dd2D150B24B274Ff6D7B4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15368-L15384" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15368-L15384" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "88c63a921a300e1b985d084c3ab1a2485713b4c674dafd419d092e5562f121d7" score = 75 quality = 90 
@@ -49596,8 +49596,8 @@ rule REVERSINGLABS_Cert_Blocklist_954D0577D5Ce8999E0387A5364829F66 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15386-L15404" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15386-L15404" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "84ddc08a0a55200f644778a0e3482f15e82d74c524f12a7ad91b1c3d4acfc731" score = 75 quality = 90 @@ -49621,8 +49621,8 @@ rule REVERSINGLABS_Cert_Blocklist_Df5121Dc99D1Ab6B7E5229F6832123Ef : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15406-L15424" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15406-L15424" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3b5e5b81890f1dea3dc0858cade54e7f88a21861818be79c3e7fba066f80d491" score = 75 quality = 90 
@@ -49646,8 +49646,8 @@ rule REVERSINGLABS_Cert_Blocklist_760Cef386B63406751Ae83A9Eae92342 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15426-L15442" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15426-L15442" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "43b56736afe081a1215db67b933413d7fbafbfc1be8213b330668578921ebca7" score = 75 quality = 90 @@ -49671,8 +49671,8 @@ rule REVERSINGLABS_Cert_Blocklist_5C2625Fa836A64F4882C56Cc7A45F0Ed : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15444-L15460" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15444-L15460" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "85e187684d62c33ef6f69323b837ef2d44facab8278b512d7bd6afd49eaed976" score = 75 quality = 90 
@@ -49696,8 +49696,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Df6Fa580F84493C414Ee0E431086737 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15462-L15478" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15462-L15478" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ef244587c9eb1e1cb2f8a9c161e5dd9ff70e9764586f16e011334400ee400ed9" score = 75 quality = 90 @@ -49721,8 +49721,8 @@ rule REVERSINGLABS_Cert_Blocklist_309D2E115F1Fe2993Ee2E063 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15480-L15496" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15480-L15496" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "15fdb95fe5429cdc0263615c2b7c90d21f37b52954c5ce568c1293cd3a544730" score = 75 quality = 90 
@@ -49746,8 +49746,8 @@ rule REVERSINGLABS_Cert_Blocklist_90E33C1068F54913315B6Ce9311141B9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15498-L15516" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15498-L15516" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4a97171c6dfaa8d249ab0be1ce264b596d266ff4697d869a4d1f90cc0e2c49b7" score = 75 quality = 90 @@ -49771,8 +49771,8 @@ rule REVERSINGLABS_Cert_Blocklist_3F15C3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15518-L15534" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15518-L15534" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "03ea946fa99ed7a6ab23cb26dbf514b6c062d63371c9e2a5ddf999acd1954955" score = 75 quality = 90 
@@ -49796,8 +49796,8 @@ rule REVERSINGLABS_Cert_Blocklist_285Eccbd1D0000E640B84307Ef88Cd9F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15536-L15552" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15536-L15552" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "267df1c327b65938b2b82a53ec8345290659560c69c9a70f2866fe7bd73513a7" score = 75 quality = 90 @@ -49821,8 +49821,8 @@ rule REVERSINGLABS_Cert_Blocklist_55Ab71A3F9Dde3Ef20C788Dd1D5Ff6C3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15554-L15570" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15554-L15570" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4bee740eaf359462cd85c6232160c6b1fc3df67acfe731da9978f0b8a304a93f" score = 75 quality = 90 
@@ -49846,8 +49846,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Beca26210737A5442Ff8B47 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15572-L15588" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15572-L15588" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7a1130413ae8807dc1ec96a6b1c3bac705a1520f7268db2848b997f6f3f9fc9b" score = 75 quality = 90 @@ -49871,8 +49871,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F203839A9C63B8798A7Cb31 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15590-L15606" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15590-L15606" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "604ba3fa671cc98e42caf80d07bc9650d193f898413517b46482f183b0f7008a" score = 75 quality = 90 
@@ -49896,8 +49896,8 @@ rule REVERSINGLABS_Cert_Blocklist_Dc992Ea8E6Bb4926931Df656D5Eef8A0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15608-L15626" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15608-L15626" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2b261624677a1c4a1ef539106bedcef30f272fda3d833d4c8095e9797d592e1f" score = 75 quality = 90 @@ -49921,8 +49921,8 @@ rule REVERSINGLABS_Cert_Blocklist_41Bd49Bb456644D8183B3Dae72Ec8F22 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15628-L15644" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15628-L15644" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0516af7b27d244f21c9cea62fe599725d412e385e34f5f3f4f618d565365d321" score = 75 quality = 90 
@@ -49946,8 +49946,8 @@ rule REVERSINGLABS_Cert_Blocklist_A8D40Da6708679C08Aebddea6D3F6B8A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15646-L15664" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15646-L15664" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "27ec32791eaeccb8aa95d023c4fc8943f0435c32d8a17bde98d7d0b02ba17e59" score = 75 quality = 90 @@ -49971,8 +49971,8 @@ rule REVERSINGLABS_Cert_Blocklist_307642E1F3A92C6Cc2E7Fb6E18F2Ddcb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15666-L15682" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15666-L15682" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8c96fbd10672b0b258a80f3abaf0320540c5ff0a4636f011cfe7cfa8ccc482d0" score = 75 quality = 90 
@@ -49996,8 +49996,8 @@ rule REVERSINGLABS_Cert_Blocklist_52379131A1C69263C795A7D398Db0997 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15684-L15700" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15684-L15700" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "245e994024e08add755ec704b895286c115ac00eb5aeecde98fce96f35f6e9e0" score = 75 quality = 90 @@ -50021,8 +50021,8 @@ rule REVERSINGLABS_Cert_Blocklist_44312Cb9A927B4111360762B4D4Bdd6D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15702-L15718" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15702-L15718" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8e34636ed815812af478dd01eacd5298fa2cfeb420ee2f45e055f557534cae71" score = 75 quality = 90 
@@ -50046,8 +50046,8 @@ rule REVERSINGLABS_Cert_Blocklist_123A5074069162F4Ed68Fc7D48F464C2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15720-L15736" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15720-L15736" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f55835c7404edab96bc5c8fe3844f3380f1f6bc8b43da1d51213de899629e8f5" score = 75 quality = 90 @@ -50071,8 +50071,8 @@ rule REVERSINGLABS_Cert_Blocklist_64Eb04B8Def382B5Efa75F63E0E85Ad0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15738-L15754" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15738-L15754" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "03adb8a9bf2a8f0633b34d5c39816b47e60b9e598208f7de79ad9d9a7ab8cc5e" score = 75 quality = 90 
@@ -50096,8 +50096,8 @@ rule REVERSINGLABS_Cert_Blocklist_76D8D908Eed2F9857Dc5676A680Ceac9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15756-L15772" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15756-L15772" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "87f9930967d5832d3003672eeb89669b54feed1ca2ea5eec478c50e3cb7a7571" score = 75 quality = 90 @@ -50121,8 +50121,8 @@ rule REVERSINGLABS_Cert_Blocklist_083E3F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15774-L15790" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15774-L15790" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6977d48a2e31235d780cba1b84b39a90e409ee8ea5555e01cbc34989ecd3882d" score = 75 quality = 90 
@@ -50146,8 +50146,8 @@ rule REVERSINGLABS_Cert_Blocklist_79227311Acdd575759198Dbd3544Cca7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15792-L15808" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15792-L15808" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "73e920d51faf7150329ce189d1693c29a2285a02d54fee27e5af5afe3238295b" score = 75 quality = 90 @@ -50171,8 +50171,8 @@ rule REVERSINGLABS_Cert_Blocklist_13Ae38C9Ae21A8576C0D024D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15810-L15826" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15810-L15826" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7be892eaf9e2e31442f7ef5ffd296dd17696d6c95d20eb2758ede2c553b05f38" score = 75 quality = 90 
@@ -50196,8 +50196,8 @@ rule REVERSINGLABS_Cert_Blocklist_557B0Abf44045827F1F36Efbc96271Ec : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15828-L15844" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15828-L15844" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "633e8d6b44d62443d991738fa82b9742ac5634051bba5d0cdb3d6b35d66bdc8f" score = 75 quality = 90 @@ -50221,8 +50221,8 @@ rule REVERSINGLABS_Cert_Blocklist_7903870184E18A80899740845A15E2B2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15846-L15862" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15846-L15862" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ad32491b463d0b3b4c85ed78e81bb69802e5f90ae835f73e270b28f02b36f840" score = 75 quality = 90 
@@ -50246,8 +50246,8 @@ rule REVERSINGLABS_Cert_Blocklist_5Fba9B373F812C16Aef531D4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15864-L15880" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15864-L15880" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8b7340359778e3aa56f6ea300973af74eb77efd54108d2ca2b6b8f04d89a1c39" score = 75 quality = 90 @@ -50271,8 +50271,8 @@ rule REVERSINGLABS_Cert_Blocklist_616A5205238590B01D7B761E444E4Ad9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15882-L15898" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15882-L15898" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "463ccd3ace9021569a7a6d5fcbaadf34b15d2b07baf3df526b271b547cf2bbc5" score = 75 quality = 90 
@@ -50296,8 +50296,8 @@ rule REVERSINGLABS_Cert_Blocklist_29Be2278113Dd062Eadca32De6B242D0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15900-L15916" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15900-L15916" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3df7afba9eda9022a64647ce2a91119d0bdf6fe5b164a1e82b1819409024fbee" score = 75 quality = 90 @@ -50321,8 +50321,8 @@ rule REVERSINGLABS_Cert_Blocklist_05F70A557Afd4A443F44D0Baf0Bc8C60 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15918-L15934" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15918-L15934" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3945f515b65ca3ffb6c2b64c884bb2790d703a277e1a5ba128c81bc63ed20a25" score = 75 quality = 90 
@@ -50346,8 +50346,8 @@ rule REVERSINGLABS_Cert_Blocklist_4E0665D61997072294A70C662F72Eae3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15936-L15952" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15936-L15952" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f07cdfd522db0a92fe1dba30f158b2c89bb5424bdcdfda50ae42fcfddeac19ba" score = 75 quality = 90 @@ -50371,8 +50371,8 @@ rule REVERSINGLABS_Cert_Blocklist_74702Dff5D4056B847D009A2265Fb1B3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15954-L15970" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15954-L15970" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8acc57bbf334a48043dbee6fab7b7a54a44801b2ccd0ccd9d14194689c75c021" score = 75 quality = 90 
@@ -50396,8 +50396,8 @@ rule REVERSINGLABS_Cert_Blocklist_353B1Cf7866Ee0B0Acdd532D0Bb1A220 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15972-L15988" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15972-L15988" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "aa8f0fe1517134b6e562c2accc46420a4f0afd77c3a7bbe98d551c54e68ed4c7" score = 75 quality = 90 @@ -50421,8 +50421,8 @@ rule REVERSINGLABS_Cert_Blocklist_093Ff2870Fa33Eaf47259457Ee58C2E0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L15990-L16006" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L15990-L16006" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1aafe547b8645f07498bac6f0ffd6d5aefbac160aa7a6fb8d1d891e70701ce99" score = 75 quality = 90 
@@ -50446,8 +50446,8 @@ rule REVERSINGLABS_Cert_Blocklist_719C17A823839Dca813Ee85888B3B39A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16008-L16024" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16008-L16024" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a160ada48048e11632082e7538459554d77d31539e53709cd897f3c454af8236" score = 75 quality = 90 @@ -50471,8 +50471,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Dc86Ebf5863568E2237B2D89582D705 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16026-L16042" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16026-L16042" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f24cdf890bd0b51a83ca333c37bc22068ab1f7e7ef36b36d94a133773097bd37" score = 75 quality = 90 
@@ -50496,8 +50496,8 @@ rule REVERSINGLABS_Cert_Blocklist_214Df59Fe53874Cc011Dd45727035F51 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16044-L16060" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16044-L16060" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "96269f41f82621aee029f343acfce70c781bf7713588dfe78fac35a3d1d3f7cd" score = 75 quality = 90 @@ -50521,8 +50521,8 @@ rule REVERSINGLABS_Cert_Blocklist_37Ca4F66Fdcc8732992723199859886C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16062-L16078" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16062-L16078" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "190dffc36c17c27c43337d7914683b7bab3ff18a50de5278ed2a66f04b9e395d" score = 75 quality = 90 
@@ -50546,8 +50546,8 @@ rule REVERSINGLABS_Cert_Blocklist_Be2F22C152Bb218B898C4029056816A9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16080-L16098" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16080-L16098" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "cd99e4d97d9a60f409cf072bbae254486c307ae3cb6e34c5cd9648c972615f36" score = 75 quality = 90 @@ -50571,8 +50571,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fc7065Abf8303Fb472B8Af85918F5C24 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16100-L16118" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16100-L16118" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f57ae32d7efd9cd4c0a207897e30b871dc32405c5b9ad844c9bb7eee4827cc5a" score = 75 quality = 90 
@@ -50596,8 +50596,8 @@ rule REVERSINGLABS_Cert_Blocklist_698Ff388Adb50B88Afb832E76B0A0Ad1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16120-L16136" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16120-L16136" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b29bc69c8fd9543dba8f7d2a18d52b1bcbb8a8ae6f553d8b232ca74709b9addc" score = 75 quality = 90 @@ -50621,8 +50621,8 @@ rule REVERSINGLABS_Cert_Blocklist_391Ae38670Ab188A5De26E07 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16138-L16154" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16138-L16154" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f7ccfadab650ae3b6f950c9d1b35f86aa4a4e6c05479c014ab18881a405678f0" score = 75 quality = 90 
@@ -50646,8 +50646,8 @@ rule REVERSINGLABS_Cert_Blocklist_D08D83Ff118Df3777E371C5C482Cce7B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16156-L16174" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16156-L16174" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "5fdaf01c6a23057ab976e3ad2a8b40558b16693161410b0f30d7b884de7e3985" score = 75 quality = 90 @@ -50671,8 +50671,8 @@ rule REVERSINGLABS_Cert_Blocklist_06Ce209477F1Ac19A2049Bdc5846A831 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16176-L16192" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16176-L16192" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "24474c4033a8cad1690160da64b75a1eec570f56e830967256c19574bde59384" score = 75 quality = 90 
@@ -50696,8 +50696,8 @@ rule REVERSINGLABS_Cert_Blocklist_447F449121B883211663B7B7E2Ead868 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16194-L16210" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16194-L16210" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f473a939d1a27cf53c09d0e4a3753a9444ae3674a55d5b0feafeef6b75dd487f" score = 75 quality = 90 @@ -50721,8 +50721,8 @@ rule REVERSINGLABS_Cert_Blocklist_6366A9Ac97Df4De17366943C9B291Aaa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16212-L16228" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16212-L16228" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "dcdfb78d4d779b1cabcdf5b2da1fa27aaa9faaed4d4967630ce45f30304fe227" score = 75 quality = 90 
@@ -50746,8 +50746,8 @@ rule REVERSINGLABS_Cert_Blocklist_66E3F0B4459F15Ac7F2A2B44990Dd709 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16230-L16246" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16230-L16246" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a563f1485ae8887c46f45d1366f676894c7db55954671825b37372f786ce0d3d" score = 75 quality = 90 @@ -50771,8 +50771,8 @@ rule REVERSINGLABS_Cert_Blocklist_610039D6349Ee531E4Caa3A65D100C7D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16248-L16264" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16248-L16264" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e6b6a90cf40283d2e4d2d9c5732a078c9f2f117e3639ab5c0dd6c5323cb7c9ff" score = 75 quality = 90 
@@ -50796,8 +50796,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Caa0D0Dadf32A2404A75195Ae47820A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16266-L16282" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16266-L16282" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ab71e485c0b541fae79d246d34b1f4fb146747c1c3fb723aa87a7a32378ff974" score = 75 quality = 90 @@ -50821,8 +50821,8 @@ rule REVERSINGLABS_Cert_Blocklist_140D2C515E8Ee9739Bb5F1B2637Dc478 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16284-L16300" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16284-L16300" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e6724fe80959592c8741621ce604518d3e964cee5941257a99dda78b9c8bbdac" score = 75 quality = 90 
@@ -50846,8 +50846,8 @@ rule REVERSINGLABS_Cert_Blocklist_58015Acd501Fc9C344264Eace2Ce5730 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16302-L16318" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16302-L16318" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7c1bec5059d40fc326bb08775888ed169abc746228eeb42c897f479992c5acab" score = 75 quality = 90 @@ -50871,8 +50871,8 @@ rule REVERSINGLABS_Cert_Blocklist_0B7279068Beb15Ffe8060D2C56153C35 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16320-L16336" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16320-L16336" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ca00f1adacd6ff16e54b85be38c3a4545a10c76548e0647f7f3f6cfa4dff412d" score = 75 quality = 90 
@@ -50896,8 +50896,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Bc0F18Da36702E302Db170D91Dc9202 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16338-L16354" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16338-L16354" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d9ee2cf63a4edb28f894ea49a5b4df9b818d5764d9a74721b1d5222f53859462" score = 75 quality = 90 @@ -50921,8 +50921,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ca9B6F49B8B41204A174C751C73Dc393 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16356-L16374" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16356-L16374" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0b6558a7a1b78d471aaadced959ba91e411df50e3cc08e447fe9bd97f9e5cced" score = 75 quality = 90 
@@ -50946,8 +50946,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aaf65B8E7A2E68Bc8C9E8F27331B795C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16376-L16394" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16376-L16394" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "390d074da09d8e5b4bb2a6f4157a5125474ab5c22de62729d4fc4075edade289" score = 75 quality = 90 @@ -50971,8 +50971,8 @@ rule REVERSINGLABS_Cert_Blocklist_C6Ed0Efe2844Fa44Aae350C6845C3331 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16396-L16414" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16396-L16414" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "5c4afcd8ceb5cc2f1df2303183ede2081b86365eeee7d4e1319a8ed9a45bbf0b" score = 75 quality = 90 
@@ -50996,8 +50996,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ede6Cfbf9Fa18337B0Fdb49C1F693020 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16416-L16434" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16416-L16434" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "a7f18d0028cbc0001a196bc915b7881244a5833dd65f96dd7d2e8ab1b0622e0c" score = 75 quality = 90 @@ -51021,8 +51021,8 @@ rule REVERSINGLABS_Cert_Blocklist_Eda0F47B3B38E781Cdf6Ef6Be5D3F6Ee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16436-L16454" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16436-L16454" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "af3cd543a6feec3118ba4e5fdc8455584aa763bd8339f036ab332977fc0fb20e" score = 75 quality = 90 
@@ -51046,8 +51046,8 @@ rule REVERSINGLABS_Cert_Blocklist_5Da173Eb1Ac76340Ac058E1Ff4Bf5E1B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16456-L16472" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16456-L16472" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "71da69fca275caead6a822e6587e0a07fc882f712afeafe18f4a595c269f6737" score = 75 quality = 90 @@ -51071,8 +51071,8 @@ rule REVERSINGLABS_Cert_Blocklist_1380A7Ccf2Bf36Bc496B00D8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16474-L16490" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16474-L16490" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "88708d7d139a9d6e92f78df460b527a1ae6a404d0bcccb801c8c8cb1263a46c6" score = 75 quality = 90 
@@ -51096,8 +51096,8 @@ rule REVERSINGLABS_Cert_Blocklist_02Eaf27E6F1575E365Fc7Fe4E0Be43F7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16492-L16508" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16492-L16508" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "333a43bdfbc400727b8eae1efeb03484b959fc45ed6b8b0dd5e6a553fa27e87f" score = 75 quality = 90 @@ -51121,8 +51121,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Eb02Ac2Beb9611Ed57Eb12E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16510-L16526" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16510-L16526" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7f2a6c61ae82fec6829924d11190da776aebdd3d72c7e001fdc29b215649261c" score = 75 quality = 90 
@@ -51146,8 +51146,8 @@ rule REVERSINGLABS_Cert_Blocklist_010000000001297Dba69Dd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16528-L16544" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16528-L16544" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "bbc3e740d5043d1811ff44c7366c69192fb78c95215b30fd4f4c782812ad591c" score = 75 quality = 90 @@ -51171,8 +51171,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Def22Ef4C645B1Decfb36B6D3539Dbf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16546-L16562" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16546-L16562" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "655ed87ee65f937c7cec95085fe612f8d733e0853c87aa50b4aa1fda9e5f7a5d" score = 75 quality = 90 
@@ -51196,8 +51196,8 @@ rule REVERSINGLABS_Cert_Blocklist_3E39C2Ccc494438Bb8C2560F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16564-L16580" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16564-L16580" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3b4a55149b3895eeea5f96297d1fc9787eb74e2fcef8170148ef1a2ced334311" score = 75 quality = 90 @@ -51221,8 +51221,8 @@ rule REVERSINGLABS_Cert_Blocklist_6E3B09F43C3A0Fd53B7D600F08Fae2B5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16582-L16598" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16582-L16598" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "86b06519858dce4b77cb870905297a1fd1c767053fd07c0b0469eb7fc3ba6b32" score = 75 quality = 90 
@@ -51246,8 +51246,8 @@ rule REVERSINGLABS_Cert_Blocklist_21220646C639D62C16992F46 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16600-L16616" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16600-L16616" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "87202c29867e6410d59c1e3b5ab09a24ebac5c68c61d7b932b91a91dcf3707e2" score = 75 quality = 90 @@ -51271,8 +51271,8 @@ rule REVERSINGLABS_Cert_Blocklist_738663F2C9E4Adb3Ad5306Aa5E7Cc548 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16618-L16634" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16618-L16634" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "518a22e31432ee42e6aceb861815f7f9e84f2430b7fb3a78b498e45c584584ab" score = 75 quality = 90 
@@ -51296,8 +51296,8 @@ rule REVERSINGLABS_Cert_Blocklist_4280F2C8Ce1D98E5F8Da7Ecb005Eeae5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16636-L16652" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16636-L16652" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4cc8f00a9704f595f3e48375942a19cd6f8d6c0e53afc932a61f5a4326be4bcb" score = 75 quality = 90 @@ -51321,8 +51321,8 @@ rule REVERSINGLABS_Cert_Blocklist_2946397Be9C5Ae44E95C99Af : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16654-L16670" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16654-L16670" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b7b4925482fcc47dea81eb3d84af31cc572f1b19080b98dda330b0bf6d7c80f4" score = 75 quality = 90 
@@ -51346,8 +51346,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Df453588177Cf1C0C297Ff4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16672-L16688" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16672-L16688" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "b0c82388fd87a89841d190ce4020cc5a2ea21c9d765ceca6bc25d64162479231" score = 75 quality = 90 @@ -51371,8 +51371,8 @@ rule REVERSINGLABS_Cert_Blocklist_0619C5E39A4Fc60A32F9B07F6A4Ca328 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16690-L16706" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16690-L16706" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "75e3dfd593d7fdc268de54430be617c015957a624f2ca36bc0036d4cbde5b686" score = 75 quality = 90 
@@ -51396,8 +51396,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Bffef48E6A321B418041310Fdb9B0D0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16708-L16724" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16708-L16724" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "30a079b55b75b292f7af4f5ae99184cbb3cca1ce4cf20f2f5c961b533673db00" score = 75 quality = 90 @@ -51421,8 +51421,8 @@ rule REVERSINGLABS_Cert_Blocklist_34Ec9565805F34204C6966Fb81E36Ba1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16726-L16742" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16726-L16742" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e434a02f5b9b22a25d8fe7a0bb7bd81b1cd8bc5356b4b626e3bfceb3f554a085" score = 75 quality = 90 
@@ -51446,8 +51446,8 @@ rule REVERSINGLABS_Cert_Blocklist_B2B934B7F01E0Ac1E577814992243709 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16744-L16762" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16744-L16762" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "37b254ab76d144c09cc7b622dba59f5e372bf01ae12ce260a06143abb52062f6" score = 75 quality = 90 @@ -51471,8 +51471,8 @@ rule REVERSINGLABS_Cert_Blocklist_3A1B397Fd9451E3B5891Fc69681Ed73D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16764-L16780" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16764-L16780" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ca43c7bacd8cb5a896c3135abf4a131bdb4a7f5093e64c8d1df743fad0c1c64a" score = 75 quality = 90 
@@ -51496,8 +51496,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Eb816Aa49E4894D9E9F78729E53Cd48 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16782-L16798" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16782-L16798" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "4e22568612aec050c7f78b81ba6749528a9c25c0ba43e14260a581a9bea7a2f0" score = 75 quality = 90 @@ -51521,8 +51521,8 @@ rule REVERSINGLABS_Cert_Blocklist_383Ca88D6D9379C740609560 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16800-L16816" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16800-L16816" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ce41d046a7ca320d034fa226b5e8c22022cc6bfc97eb9ef294b1aca232aaacef" score = 75 quality = 90 
@@ -51546,8 +51546,8 @@ rule REVERSINGLABS_Cert_Blocklist_6731Cb1430F18B8C0C43Ab40E1154169 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16818-L16834" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16818-L16834" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c05349166919ffc18ac6ecb61b822a8365f87a82164c5e110ef94345bdc4de6f" score = 75 quality = 90 @@ -51571,8 +51571,8 @@ rule REVERSINGLABS_Cert_Blocklist_159505E6456B9A9352F7C47168D89B96 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16836-L16852" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16836-L16852" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d6d0d5c86dd88afa29fb3c7cc3c0ab2e3401637a23e062ee9bab693a715cf16f" score = 75 quality = 90 
@@ -51596,8 +51596,8 @@ rule REVERSINGLABS_Cert_Blocklist_04A0E92B0B9Ebbb797Df6Ef52Bd5Ad05 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16854-L16870" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16854-L16870" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ff2a2d06c48bd3426fa42526d966152e3e7166c4170b4e08bb65ee5d876eda93" score = 75 quality = 90 @@ -51621,8 +51621,8 @@ rule REVERSINGLABS_Cert_Blocklist_25F222Ab2613Dc4270B2Aabc2519A101 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16872-L16888" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16872-L16888" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2c6673f6821c4ba11fc015cf3e9edefeb7c45209bc9dcd18501c4681444a9b9e" score = 75 quality = 90 
@@ -51646,8 +51646,8 @@ rule REVERSINGLABS_Cert_Blocklist_212Ca239866F88C3D5B000B3004A569C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16890-L16906" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16890-L16906" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "23ab2343b17dce74fb4166a690ca5dd300b3ed20d3a6b43b922f456410d3035d" score = 75 quality = 90 @@ -51671,8 +51671,8 @@ rule REVERSINGLABS_Cert_Blocklist_18B700A319Aa98Ae71B279D4E8030B82 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16908-L16924" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16908-L16924" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e201498acfd9afebc68321887a806bb5c1d74c64a7cd93530feae2a944bd30fa" score = 75 quality = 90 
@@ -51696,8 +51696,8 @@ rule REVERSINGLABS_Cert_Blocklist_169138A86954Be1D9B264F47 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16926-L16942" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16926-L16942" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1584e39b4e2025611bcb7bbbd92b97d25d12ddbb1e5c282db87730a03f7f56b1" score = 75 quality = 90 @@ -51721,8 +51721,8 @@ rule REVERSINGLABS_Cert_Blocklist_33412168Eeb3C0E4C7Dd0508A9Ffecd5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16944-L16960" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16944-L16960" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d634af0637c3349fe1718ee807b8a75007ab46b141494331901a22ce54e9fc5d" score = 75 quality = 90 
@@ -51746,8 +51746,8 @@ rule REVERSINGLABS_Cert_Blocklist_422Ab71Ac7Fb125Ad7171B0C99510B0E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16962-L16978" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16962-L16978" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7366e5064a9a9f66260730575327e404eadea096ba3f6cf28c83c47bef9bca58" score = 75 quality = 90 @@ -51771,8 +51771,8 @@ rule REVERSINGLABS_Cert_Blocklist_6F18946E5B773B7E32D9E7B4Fb8D434C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16980-L16996" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16980-L16996" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "fa285c17b43d1acdb05888074ecb16047209ade8f7f6191274f58eca7438dadf" score = 75 quality = 90 
@@ -51796,8 +51796,8 @@ rule REVERSINGLABS_Cert_Blocklist_3596Dfc23B9A42C66700982250Da2906 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L16998-L17014" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L16998-L17014" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "1b69bf520fde5255069cf8752d5c67716e9bc297ddde1566551a563a563197ea" score = 75 quality = 90 @@ -51821,8 +51821,8 @@ rule REVERSINGLABS_Cert_Blocklist_486Bbddc8C5Ee99F051Ecaeb3F99D2A3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L17016-L17032" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L17016-L17032" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "75855e26ba4e01b56a551a006e789c6032cfb02c6f6125a9bdf8becb848db5b2" score = 75 quality = 90 
@@ -51846,8 +51846,8 @@ rule REVERSINGLABS_Cert_Blocklist_11211Eea9D0D1D1A325B5Eae1B2B1951120F : INFO FI date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L17034-L17050" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L17034-L17050" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "bafab986605be61d25a6764042937bc5d8c55196ea8ea9aa9360764d9681351b" score = 75 quality = 90 @@ -51871,8 +51871,8 @@ rule REVERSINGLABS_Cert_Blocklist_172Fea8Cb06Ffced6Bfac7F2F6B77754 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L17052-L17068" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L17052-L17068" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8e1e3e7d002ce084600c5444dc9b0bad8771370cb7919a3bb5ebc899040e4cf2" score = 75 quality = 90 
@@ -51896,8 +51896,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Ee50Bb98Fadca2D662A0920E76685A2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L17070-L17086" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L17070-L17086" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d232923ed962fbf4a9a30890778c2380d6c6967a693c6f77c2f558bb4347e60e" score = 75 quality = 90 @@ -51921,8 +51921,8 @@ rule REVERSINGLABS_Cert_Blocklist_21Bfddb6A66435D1Adce2Ceb23Ed7C9A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L17088-L17104" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L17088-L17104" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "22ad68974a1c6729da369c26372ba93c25ddf68df880580c727bf2d3ee2d3a86" score = 75 quality = 90 
@@ -51946,8 +51946,8 @@ rule REVERSINGLABS_Cert_Blocklist_5B1C3F7Bbaa91Ca49B06A5C1004Ee5Be : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L17106-L17122" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L17106-L17122" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "9a8d9acc87668a6fbd9fdd52b6ef69d18de8f19d8f3d3ca8eeb630c6e8c25c65" score = 75 quality = 90 @@ -51971,8 +51971,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A2089 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L17124-L17140" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L17124-L17140" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "07ce4d39af1e56fbbfa400cf139956826999043480f93c0fc43ed056f6420d7f" score = 75 quality = 90 
@@ -51996,8 +51996,8 @@ rule REVERSINGLABS_Cert_Blocklist_1F84E030A0Ed10D5Ffe2B81B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L17142-L17158" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L17142-L17158" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "097655cb2965ae71efb905ddf20ed30c240d25e03d08a1b6c87b472533ccc9d8" score = 75 quality = 90 @@ -52021,8 +52021,8 @@ rule REVERSINGLABS_Cert_Blocklist_88346267057C0A82E2F39851D1B9694C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L17160-L17178" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L17160-L17178" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "60acdbad8ad3e1d4a863ce160d93abd0b5e2b214858cba84f7a1b907d2491486" score = 75 quality = 90 
@@ -52046,8 +52046,8 @@ rule REVERSINGLABS_Cert_Blocklist_A46F9D8784778Baa48167C48Bbc56F30 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L17180-L17198" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L17180-L17198" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "fffb6309355bc6764b0ab033db5964599c86c9a2f6d8985975a07f6b3ebb40ed" score = 75 quality = 90 @@ -52071,8 +52071,8 @@ rule REVERSINGLABS_Cert_Blocklist_525B5529Db20D17A85Be284D6B7952Ea : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L17200-L17216" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L17200-L17216" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8fd406004b634e4826659b1dff88c61074fd321969b9fd63ea45d8e9608b35f1" score = 75 quality = 90 
@@ -52096,8 +52096,8 @@ rule REVERSINGLABS_Cert_Blocklist_70Ae0E517D2Ef6D5Eed06B56730A1A9A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L17218-L17234" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L17218-L17234" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "017eed878daf706eb96b638a8d1f4428466bc1d00ce27f32628bd249a658a813" score = 75 quality = 90 @@ -52121,8 +52121,8 @@ rule REVERSINGLABS_Cert_Blocklist_57C3717C5E2Ce9A2E0Cf0340C03F458E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L17236-L17252" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L17236-L17252" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "fd710146874528c43ad8a9f847b7704c44ba4564cf79e20e6b23aa98b0ee2ea5" score = 75 quality = 90 
@@ -52146,8 +52146,8 @@ rule REVERSINGLABS_Cert_Blocklist_0761110Efe0B688C469D687512828C1F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L17254-L17270" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L17254-L17270" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0ba60e1f58c7335ba5aa261031d09ee83a0ee51e05f8f26078b2a5c776ad0add" score = 75 quality = 90 @@ -52171,8 +52171,8 @@ rule REVERSINGLABS_Cert_Blocklist_08Aa03F385F870E3A6D243B74B1Dadf6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/certificate/blocklist.yara#L17272-L17288" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/certificate/blocklist.yara#L17272-L17288" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ef49a28a93d31c55dd2dfd3bec645f757a0a1a7eb8718ce92cf47bf9af126aed" score = 75 quality = 90 
@@ -52196,8 +52196,8 @@ rule REVERSINGLABS_Win32_Virus_Greenp : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/virus/Win32.Virus.Greenp.yara#L3-L46" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/virus/Win32.Virus.Greenp.yara#L3-L46" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "ca6df34ee2ad9d93e35b0d1a2d4765f681f3981ffe2786bbc822c3090212fd02" score = 75 quality = 90 @@ -52247,8 +52247,8 @@ rule REVERSINGLABS_Win32_Virus_Negt : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/virus/Win32.Virus.Negt.yara#L3-L94" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/virus/Win32.Virus.Negt.yara#L3-L94" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "43057ef111fc505678606386c8d428653da391f4b65844d81479ca05e3517346" score = 75 quality = 90 
@@ -52340,8 +52340,8 @@ rule REVERSINGLABS_Win32_Virus_Deadcode : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/virus/Win32.Virus.DeadCode.yara#L3-L76" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/virus/Win32.Virus.DeadCode.yara#L3-L76" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "6ac2e48daaed222f0a19afd4d03a02834705e0e3762db3217f68569554171846" score = 75 quality = 90 @@ -52410,12 +52410,12 @@ rule REVERSINGLABS_Linux_Virus_Vit : TC_DETECTION MALICIOUS MALWARE FILE description = "Yara rule that detects Vit virus." author = "ReversingLabs" id = "4515fe43-4c5a-521d-82b7-273823f0c64e" - date = "2024-05-05" - date = "2024-05-05" + date = "2024-05-12" + date = "2024-05-12" modified = "2023-06-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/virus/Linux.Virus.Vit.yara#L3-L36" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/virus/Linux.Virus.Vit.yara#L3-L36" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "2fba7a081dfca85aee5c7f3b33414b799ed52ca6aa5bbf031da040aaa75acde9" score = 75 quality = 90 
@@ -52453,8 +52453,8 @@ rule REVERSINGLABS_Win32_Virus_Awfull : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/virus/Win32.Virus.Awfull.yara#L3-L33" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/virus/Win32.Virus.Awfull.yara#L3-L33" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "84a4faee4cbbb3387ad25bd9230c6482b8db461bc008312bc782f23e3df2eae3" score = 75 quality = 90 @@ -52491,8 +52491,8 @@ rule REVERSINGLABS_Win32_Virus_Cmay : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/virus/Win32.Virus.Cmay.yara#L3-L73" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/virus/Win32.Virus.Cmay.yara#L3-L73" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "f3bdf772eb80c632a913621732d12ae4a02bc7d3ba41f51711aa329be2ca6220" score = 75 quality = 90 
@@ -52567,8 +52567,8 @@ rule REVERSINGLABS_Win32_Virus_Mocket : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/virus/Win32.Virus.Mocket.yara#L3-L58" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/virus/Win32.Virus.Mocket.yara#L3-L58" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "af16974396efe7a1a46aa39b812482dcc49d0fe95db6640c1703db479e7ea9dc" score = 75 quality = 90 @@ -52629,8 +52629,8 @@ rule REVERSINGLABS_Win32_Virus_Elerad : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/virus/Win32.Virus.Elerad.yara#L3-L33" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/virus/Win32.Virus.Elerad.yara#L3-L33" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "930594bf99daf55ef02542ce7b393c1c23ead75946b3da3b555102a2e7142e33" score = 75 quality = 90 
@@ -52667,8 +52667,8 @@ rule REVERSINGLABS_Win32_Exploit_CVE20200601 : TC_DETECTION MALICIOUS EXPLOIT CV date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/exploit/Win32.Exploit.CVE20200601.yara#L3-L253" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/exploit/Win32.Exploit.CVE20200601.yara#L3-L253" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e4d915560ad72e0fde63276f9ffece00535c7983125efaa8298adc11d5e54817" score = 75 quality = 88 
@@ -52884,6 +52884,165 @@ rule REVERSINGLABS_Win32_Exploit_CVE20200601 : TC_DETECTION MALICIOUS EXPLOIT CV condition: uint16(0)==0x5A4D and ($oid_prime_explicit) and ( any of ($ecc_public_key_*)) and (pe.number_of_signatures>0) } +rule REVERSINGLABS_Bytecode_MSIL_Backdoor_Menorah : TC_DETECTION MALICIOUS MALWARE FILE +{ + meta: + description = "Yara rule that detects Menorah backdoor." + author = "ReversingLabs" + id = "4f13a6c6-bd97-58aa-ac3b-399866b5c63b" + date = "2024-05-10" + modified = "2024-05-10" + reference = "ReversingLabs" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/backdoor/ByteCode.MSIL.Backdoor.Menorah.yara#L1-L169" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" + logic_hash = "770aefca192ceb3a778c0b1259105ace8e64cb35d0c34acb15c45fb6f22ad94b" + score = 75 + quality = 90 + tags = "TC_DETECTION, MALICIOUS, MALWARE, FILE" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + tc_detection_type = "Backdoor" + tc_detection_name = "Menorah" + tc_detection_factor = 5 + importance = 25 + + strings: + $send_fingerprint_to_c2_p1 = { + 28 ?? ?? ?? ?? 04 6F ?? ?? ?? ?? 02 7B ?? ?? ?? ?? 28 ?? ?? ?? ?? 28 ?? ?? ?? ?? 0A + 73 ?? ?? ?? ?? 19 1F 0E 6F ?? ?? ?? ?? 17 28 ?? ?? ?? ?? 1F 5B 13 ?? 12 ?? 28 ?? ?? + ?? ?? 1F 40 13 ?? 12 ?? 28 ?? ?? ?? ?? 1F 40 13 ?? 12 ?? 28 ?? ?? ?? ?? 1F 5D 13 ?? + 12 ?? 28 ?? ?? ?? ?? 28 ?? ?? ?? ?? 1B 8D ?? ?? ?? ?? 25 16 1F 5B 13 ?? 12 ?? 28 ?? + ?? ?? ?? A2 25 17 1F 40 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 18 06 A2 25 19 1F 40 13 ?? + 12 ?? 28 ?? ?? ?? ?? A2 25 1A 1F 5D 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 28 ?? ?? ?? ?? 6F + ?? ?? ?? ?? 0B 28 ?? ?? ?? ?? 07 6F ?? ?? ?? ?? 0C 72 ?? ?? ?? ?? 0D 1F 3F 13 ?? 12 + ?? 28 ?? ?? ?? ?? 17 16 28 ?? ?? ?? ?? 1F 3D 13 ?? 12 ?? 28 ?? ?? ?? ?? 17 16 28 ?? + ?? ?? ?? 28 ?? ?? ?? ?? 13 ?? 03 11 ?? 28 ?? ?? ?? ?? 28 ?? ?? ?? ?? 74 ?? 
?? ?? ?? + 13 ?? 11 ?? 1F 50 13 ?? 12 ?? 28 ?? ?? ?? ?? 1F 4F 13 ?? 12 ?? 28 ?? ?? ?? ?? 1F 53 + 13 ?? 12 ?? 28 ?? ?? ?? ?? 1F 54 13 ?? 12 ?? 28 ?? ?? ?? ?? 28 ?? ?? ?? ?? 6F ?? ?? + ?? ?? 11 ?? 1F 21 8D ?? ?? ?? ?? 25 16 1F 61 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 17 1F + 70 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 18 1F 70 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 19 1F + 6C 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1A 1F 69 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1B 1F + 63 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1C 1F 61 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1D 1F + 74 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1E 1F 69 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 09 + } + $send_fingerprint_to_c2_p2 = { + 1F 6F 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 0A 1F 6E 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 + 1F 0B 1F 2F 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 0C 1F 78 13 ?? 12 ?? 28 ?? ?? ?? ?? + A2 25 1F 0D 1F 2D 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 0E 1F 77 13 ?? 12 ?? 28 ?? ?? + ?? ?? A2 25 1F 0F 1F 77 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 10 1F 77 13 ?? 12 ?? 28 + ?? ?? ?? ?? A2 25 1F 11 1F 2D 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 12 1F 66 13 ?? 12 + ?? 28 ?? ?? ?? ?? A2 25 1F 13 1F 6F 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 14 1F 72 13 + ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 15 1F 6D 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 16 1F + 2D 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 17 1F 75 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F + 18 1F 72 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 19 1F 6C 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 + 25 1F 1A 1F 65 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 1B 1F 6E 13 ?? 12 ?? 28 ?? ?? ?? + ?? A2 25 1F 1C 1F 63 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 1D 1F 6F 13 ?? 12 ?? 28 ?? + ?? ?? ?? A2 25 1F 1E 1F 64 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 1F 1F 65 13 ?? 12 ?? + 28 ?? ?? ?? ?? A2 25 1F 20 1F 64 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 28 ?? ?? ?? ?? 6F ?? + ?? ?? ?? 11 ?? 08 8E 69 6A 6F ?? ?? ?? ?? 11 ?? 6F ?? ?? ?? ?? 25 08 16 08 8E 69 6F + ?? ?? ?? ?? 6F ?? ?? ?? ?? 11 ?? 6F ?? ?? ?? ?? 25 6F ?? ?? ?? ?? 73 ?? ?? ?? ?? 25 + 6F ?? ?? ?? ?? 0D 6F ?? ?? ?? ?? 6F ?? ?? ?? ?? 09 13 ?? 
DE ?? 26 7E ?? ?? ?? ?? 13 + ?? DE ?? 11 + } + $get_files_and_directories_p1 = { + 11 ?? 28 ?? ?? ?? ?? 13 ?? 28 ?? ?? ?? ?? 6F ?? ?? ?? ?? 13 ?? 11 ?? 8E 69 17 31 ?? + 11 ?? 17 9A 13 ?? 11 ?? 72 ?? ?? ?? ?? 72 ?? ?? ?? ?? 6F ?? ?? ?? ?? 13 ?? 1F 0F 8D + ?? ?? ?? ?? 25 16 1F 44 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 17 1F 69 13 ?? 12 ?? 28 ?? + ?? ?? ?? A2 25 18 1F 72 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 19 1F 65 13 ?? 12 ?? 28 ?? + ?? ?? ?? A2 25 1A 1F 63 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1B 1F 74 13 ?? 12 ?? 28 ?? + ?? ?? ?? A2 25 1C 1F 6F 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1D 1F 72 13 ?? 12 ?? 28 ?? + ?? ?? ?? A2 25 1E 1F 79 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 09 1F 20 13 ?? 12 ?? 28 + ?? ?? ?? ?? A2 25 1F 0A 1F 6F 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 0B 1F 66 13 ?? 12 + ?? 28 ?? ?? ?? ?? A2 25 1F 0C 1F 20 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 0D 11 ?? A2 + 25 1F 0E 72 ?? ?? ?? ?? A2 28 ?? ?? ?? ?? 13 ?? 11 ?? 28 ?? ?? ?? ?? 13 ?? 11 ?? 28 + ?? ?? ?? ?? 13 ?? 11 ?? 13 ?? 16 13 ?? 38 ?? ?? ?? ?? 11 ?? 11 ?? 9A 73 ?? ?? ?? ?? + 13 ?? 1F 0B 8D ?? ?? ?? ?? 25 16 11 ?? A2 25 17 11 ?? 6F ?? ?? ?? ?? 13 ?? 12 ?? 1F + 16 8D ?? ?? ?? ?? 25 16 1F 4D 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 17 1F 4D 13 ?? 12 ?? + 28 ?? ?? ?? ?? A2 25 18 1F 2F 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 19 1F 64 13 ?? 12 ?? + 28 ?? ?? ?? ?? A2 25 1A 1F 64 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1B 1F 2F 13 ?? 12 ?? + 28 ?? ?? ?? ?? A2 25 1C 1F 79 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1D 1F 79 13 ?? 12 + } + $get_files_and_directories_p2 = { + 28 ?? ?? ?? ?? A2 25 1E 1F 79 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F ?? 1F 79 13 ?? 12 + ?? 28 ?? ?? ?? ?? A2 25 1F 0A 1F 20 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 0B 1F 68 13 + ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 0C 1F 68 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 0D 1F + 3A 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 0E 1F 6D 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F + 0F 1F 6D 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 10 1F 3A 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 + 25 1F 11 1F 73 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 12 1F 73 13 ?? 12 ?? 
28 ?? ?? ?? + ?? A2 25 1F 13 1F 20 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 14 1F 74 13 ?? 12 ?? 28 ?? + ?? ?? ?? A2 25 1F 15 1F 74 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 28 ?? ?? ?? ?? 28 ?? ?? ?? + ?? A2 25 18 72 ?? ?? ?? ?? A2 25 19 1F 3C 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1A 1F 44 + 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1B 1F 49 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1C 1F 52 + 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1D 1F 3E 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1E 72 ?? + ?? ?? ?? A2 25 1F 09 11 ?? 6F ?? ?? ?? ?? A2 25 1F 0A 72 ?? ?? ?? ?? A2 28 ?? ?? ?? + ?? 13 ?? 11 ?? 17 58 13 ?? 11 ?? 11 ?? 8E 69 3F ?? ?? ?? ?? 11 ?? 13 ?? 16 13 ?? 38 + ?? ?? ?? ?? 11 ?? 11 ?? 9A 73 ?? ?? ?? ?? 13 ?? 1F 0C 8D ?? ?? ?? ?? 25 16 11 ?? A2 + 25 17 11 ?? 6F ?? ?? ?? ?? 13 ?? 12 ?? 1F 16 8D ?? ?? ?? ?? 25 16 1F 4D 13 ?? 12 ?? + 28 ?? ?? ?? ?? A2 25 17 1F 4D 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 18 1F 2F 13 ?? 12 ?? + 28 ?? ?? ?? ?? A2 25 19 1F 64 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1A 1F 64 13 ?? 12 ?? + 28 ?? ?? ?? ?? A2 25 1B 1F 2F 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1C 1F 79 13 ?? 12 ?? + 28 ?? ?? ?? ?? A2 25 1D 1F 79 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1E 1F 79 13 ?? 12 ?? + 28 ?? ?? ?? ?? A2 25 1F 09 1F 79 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 0A 1F 20 13 + } + $get_files_and_directories_p3 = { + 12 ?? 28 ?? ?? ?? ?? A2 25 1F 0B 1F 68 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 0C 1F 68 + 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 0D 1F 3A 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 0E + 1F 6D 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 0F 1F 6D 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 + 1F 10 1F 3A 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 11 1F 73 13 ?? 12 ?? 28 ?? ?? ?? ?? + A2 25 1F 12 1F 73 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 13 1F 20 13 ?? 12 ?? 28 ?? ?? + ?? ?? A2 25 1F 14 1F 74 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 15 1F 74 13 ?? 12 ?? 28 + ?? ?? ?? ?? A2 28 ?? ?? ?? ?? 28 ?? ?? ?? ?? A2 25 18 72 ?? ?? ?? ?? A2 25 19 1F 46 + 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1A 1F 49 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1B 1F 4C + 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1C 1F 45 13 ?? 12 ?? 
28 ?? ?? ?? ?? A2 25 1D 72 ?? + ?? ?? ?? A2 25 1E 11 ?? 6F ?? ?? ?? ?? 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 09 72 ?? + ?? ?? ?? A2 25 1F 0A 11 ?? 6F ?? ?? ?? ?? A2 25 1F 0B 72 ?? ?? ?? ?? A2 28 ?? ?? ?? + ?? 13 ?? 11 ?? 17 58 13 ?? 11 ?? 11 ?? 8E 69 3F ?? ?? ?? ?? 1F 0B 8D ?? ?? ?? ?? 25 + 16 11 ?? A2 25 17 72 ?? ?? ?? ?? A2 25 18 11 ?? 8E 69 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 + 25 19 1F 20 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1A 1F 44 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 + 25 1B 1F 69 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1C 1F 72 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 + 25 1D 1F 28 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1E 1F 73 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 + 25 1F 09 1F 29 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 0A 72 ?? ?? ?? ?? A2 28 ?? ?? ?? + ?? 13 ?? 1F 0B 8D ?? ?? ?? ?? 25 16 11 ?? A2 25 17 72 ?? ?? ?? ?? A2 25 18 11 ?? 8E + 69 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 19 1F 20 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1A 1F + } + $upload_file_to_c2_p1 = { + 11 ?? 28 ?? ?? ?? ?? 13 ?? 72 ?? ?? ?? ?? 13 ?? 11 ?? 8E 69 17 3E ?? ?? ?? ?? 11 ?? + 17 9A 17 8D ?? ?? ?? ?? 25 16 1F 22 9D 6F ?? ?? ?? ?? 13 ?? 11 ?? 28 ?? ?? ?? ?? 39 + ?? ?? ?? ?? 11 ?? 28 ?? ?? ?? ?? 13 ?? 11 ?? 28 ?? ?? ?? ?? 13 ?? 02 28 ?? ?? ?? ?? + 13 ?? 1F 0D 8D ?? ?? ?? ?? 25 16 1F 75 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 17 1F 40 13 + ?? 12 ?? 28 ?? ?? ?? ?? A2 25 18 11 ?? A2 25 19 1F 40 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 + 25 1A 28 ?? ?? ?? ?? A2 25 1B 1F 7C 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1C 28 ?? ?? ?? + ?? A2 25 1D 1F 40 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1E 11 ?? A2 25 1F 09 1F 40 13 ?? + 12 ?? 28 ?? ?? ?? ?? A2 25 1F 0A 1F 32 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 0B 1F 40 + 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 0C 11 ?? 28 ?? ?? ?? ?? A2 28 ?? ?? ?? ?? 13 ?? + 02 02 7B ?? ?? ?? ?? 11 ?? 28 ?? ?? ?? ?? 26 1F 1E 8D ?? ?? ?? ?? 25 16 1F 66 13 ?? + 12 ?? 28 ?? ?? ?? ?? A2 25 17 1F 69 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 18 1F 6C 13 ?? + 12 ?? 28 ?? ?? ?? ?? A2 25 19 1F 65 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1A 1F 5B 13 ?? + 12 ?? 28 ?? ?? ?? ?? A2 25 1B 11 ?? 
A2 25 1C 1F 5D 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 + 1D 1F 20 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1E 1F 69 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 + 1F 09 1F 73 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 0A 1F 20 13 ?? 12 ?? 28 + } + $upload_file_to_c2_p2 = { + A2 25 1F 0B 1F 75 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 0C 1F 70 13 ?? 12 ?? 28 ?? ?? + ?? ?? A2 25 1F 0D 1F 6C 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 0E 1F 6F 13 ?? 12 ?? 28 + ?? ?? ?? ?? A2 25 1F 0F 1F 61 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 10 1F 64 13 ?? 12 + ?? 28 ?? ?? ?? ?? A2 25 1F 11 1F 65 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 12 1F 64 13 + ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 13 1F 20 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 14 1F + 74 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 15 1F 6F 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F + 16 1F 20 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 17 1F 73 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 + 25 1F 18 1F 65 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 19 1F 72 13 ?? 12 ?? 28 ?? ?? ?? + ?? A2 25 1F 1A 1F 76 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 1B 1F 65 13 ?? 12 ?? 28 ?? + ?? ?? ?? A2 25 1F 1C 1F 72 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1F 1D 1F 2E 13 ?? 12 ?? + 28 ?? ?? ?? ?? A2 28 ?? ?? ?? ?? 13 ?? 38 ?? ?? ?? ?? 1F 0F 8D ?? ?? ?? ?? 25 16 1F + 66 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 17 1F 69 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 18 1F + 6C 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 19 1F 65 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1A 1F + 20 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1B 1F 6E 13 ?? 12 ?? 28 ?? ?? ?? ?? A2 25 1C 1F + } + + condition: + uint16(0)==0x5A4D and ( all of ($send_fingerprint_to_c2_p*)) and ( all of ($get_files_and_directories_p*)) and ( all of ($upload_file_to_c2_p*)) +} rule REVERSINGLABS_Win64_Backdoor_Konni : TC_DETECTION MALICIOUS MALWARE FILE { meta: 
@@ -52893,8 +53052,8 @@ rule REVERSINGLABS_Win64_Backdoor_Konni : TC_DETECTION MALICIOUS MALWARE FILE date = "2023-12-07" modified = "2023-12-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/backdoor/Win64.Backdoor.Konni.yara#L1-L205" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/backdoor/Win64.Backdoor.Konni.yara#L1-L205" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "37c45e3ed23ca9f4de876f666c9f6d9bf7eee5cb1650b02cdd9f58e2ccc4b5cb" score = 75 quality = 90 @@ -53082,8 +53241,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Backdoor_Limerat : TC_DETECTION MALICIOUS MALWA date = "2024-03-04" modified = "2024-03-04" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/backdoor/ByteCode.MSIL.Backdoor.LimeRAT.yara#L1-L91" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/backdoor/ByteCode.MSIL.Backdoor.LimeRAT.yara#L1-L91" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "03eaa2ac41950f036601222b32a28c03aae3b3445501e988e2f87e231a1a1522" score = 75 quality = 90 
@@ -53162,8 +53321,8 @@ rule REVERSINGLABS_Win32_Backdoor_Minodo : TC_DETECTION MALICIOUS MALWARE FILE date = "2023-06-07" modified = "2023-06-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/backdoor/Win64.Backdoor.Minodo.yara#L1-L110" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/backdoor/Win64.Backdoor.Minodo.yara#L1-L110" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "807408699fe00c8d1170598050e533dd0d79bb170f2538b6b6227cda7410060b" score = 75 quality = 90 @@ -53258,8 +53417,8 @@ rule REVERSINGLABS_Linux_Backdoor_Krasue : TC_DETECTION MALICIOUS MALWARE FILE date = "2024-03-04" modified = "2024-03-04" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/backdoor/Linux.Backdoor.Krasue.yara#L1-L127" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/backdoor/Linux.Backdoor.Krasue.yara#L1-L127" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e2daa35ef9e0793062c9fb3bd8e4838e1e81ee3d228d8117b1c3b0e72eb8e151" score = 75 quality = 90 
@@ -53369,8 +53528,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Backdoor_Agentracoon : TC_DETECTION MALICIOUS M date = "2023-12-15" modified = "2023-12-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/backdoor/ByteCode.MSIL.Backdoor.AgentRacoon.yara#L1-L128" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/backdoor/ByteCode.MSIL.Backdoor.AgentRacoon.yara#L1-L128" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "3ba73f19f59c2e5880df820c52f16997047d7299eb14d421ae2ed8f3790bcfe9" score = 75 quality = 90 @@ -53482,8 +53641,8 @@ rule REVERSINGLABS_Win64_Backdoor_Sidetwist : TC_DETECTION MALICIOUS MALWARE FIL date = "2024-03-18" modified = "2024-03-18" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/backdoor/Win64.Backdoor.SideTwist.yara#L1-L154" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/backdoor/Win64.Backdoor.SideTwist.yara#L1-L154" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "811fa73ede59493c71435743848a3fce3a1604ec4065ffcb0b43e9715dfa5c31" score = 75 quality = 90 
@@ -53617,8 +53776,8 @@ rule REVERSINGLABS_Win32_Backdoor_Konni : TC_DETECTION MALICIOUS MALWARE FILE date = "2023-12-07" modified = "2023-12-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/backdoor/Win32.Backdoor.Konni.yara#L1-L190" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/backdoor/Win32.Backdoor.Konni.yara#L1-L190" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7907a657d804d485718ba13bb23513de0b909e7d455c2b3ee193b5329edd3ac6" score = 75 quality = 90 @@ -53792,8 +53951,8 @@ rule REVERSINGLABS_Win32_Trojan_Caddywiper : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-03-15" modified = "2022-03-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/trojan/Win32.Trojan.CaddyWiper.yara#L1-L95" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/trojan/Win32.Trojan.CaddyWiper.yara#L1-L95" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "178ff4171c09866f6b303bdff234beff1116d268995ee4dc236332e472d645b1" score = 75 quality = 90 
@@ -53879,8 +54038,8 @@ rule REVERSINGLABS_Win32_Trojan_Isaacwiper : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-03-02" modified = "2022-03-02" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/trojan/Win32.Trojan.IsaacWiper.yara#L1-L76" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/trojan/Win32.Trojan.IsaacWiper.yara#L1-L76" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "c9fa43f44c33816a66f61255d101294da63df1afc5a27ed5817072040cd1eec5" score = 75 quality = 90 @@ -53957,8 +54116,8 @@ rule REVERSINGLABS_Linux_Trojan_Bibiwiper : TC_DETECTION MALICIOUS MALWARE FILE date = "2023-11-28" modified = "2023-11-28" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/trojan/Linux.Trojan.BiBiWiper.yara#L1-L76" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/trojan/Linux.Trojan.BiBiWiper.yara#L1-L76" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "8f290141d5da660463dede6df571d774448e136e2993a0a4c706245464e1239e" score = 75 quality = 90 
@@ -54033,8 +54192,8 @@ rule REVERSINGLABS_Win32_Trojan_Dridex : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-09-16" modified = "2020-09-16" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/trojan/Win32.Trojan.Dridex.yara#L1-L80" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/trojan/Win32.Trojan.Dridex.yara#L1-L80" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "7eddc8f33846dfb61302b7d7fddd8dec59a1bde05b14135c14131a02e2c19600" score = 75 quality = 90 
@@ -54097,6 +54256,67 @@ rule REVERSINGLABS_Win32_Trojan_Dridex : TC_DETECTION MALICIOUS MALWARE FILE condition: uint16(0)==0x5A4D and ( any of ($resolve_api_wrapper_*) and any of ($find_first_file_snippet_*)) } +rule REVERSINGLABS_Linux_Trojan_Acidrain : TC_DETECTION MALICIOUS MALWARE FILE +{ + meta: + description = "Yara rule that detects AcidRain trojan." + author = "ReversingLabs" + id = "802c7eb7-d407-5b07-a6b4-4648d3ad80e9" + date = "2024-05-10" + modified = "2024-05-10" + reference = "ReversingLabs" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/trojan/Linux.Trojan.AcidRain.yara#L1-L67" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" + logic_hash = "5b47a0de8bda09d217f8a148e561f3da7ce4945f011f4a9b5dbbca88157d3080" + score = 75 + quality = 90 + tags = "TC_DETECTION, MALICIOUS, MALWARE, FILE" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + tc_detection_type = "Trojan" + tc_detection_name = "AcidRain" + tc_detection_factor = 5 + importance = 25 + + strings: + $destroy_files_using_ioctls = { + 55 89 E5 57 BF ?? ?? ?? ?? 56 53 81 EC ?? ?? ?? ?? 89 7C 24 ?? 8B 45 ?? 89 04 24 E8 + ?? ?? ?? ?? 85 C0 89 C3 78 ?? 8D 85 ?? ?? ?? ?? 89 44 24 ?? 89 1C 24 E8 ?? ?? ?? ?? + 8B 85 ?? ?? ?? ?? 25 ?? ?? ?? ?? 3D ?? ?? ?? ?? 74 ?? 81 C4 ?? ?? ?? ?? 5B 5E 5F 5D + C3 8D 45 ?? BE ?? ?? ?? ?? 89 44 24 ?? 89 74 24 ?? 89 1C 24 E8 ?? ?? ?? ?? 8B 4D ?? + 8B 55 ?? C7 45 ?? ?? ?? ?? ?? 85 C9 89 55 ?? 74 ?? 8D 75 ?? 8D B6 ?? ?? ?? ?? 8D BF + ?? ?? ?? ?? B8 ?? ?? ?? ?? 89 74 24 ?? 89 44 24 ?? 89 1C 24 E8 ?? ?? ?? ?? B8 ?? ?? + ?? ?? 89 74 24 ?? 89 44 24 ?? 89 1C 24 E8 ?? ?? ?? ?? 8B 45 ?? 8B 55 ?? 01 D0 39 45 + ?? 89 45 ?? 77 ?? 81 FA ?? ?? ?? ?? BF ?? ?? ?? ?? 0F 86 ?? ?? ?? ?? 8B 45 ?? C7 45 + ?? ?? ?? ?? ?? 85 C0 0F 84 ?? ?? ?? ?? 8D 75 ?? EB ?? 31 C9 89 4C 24 ?? 8B 45 ?? 89 + 1C 24 89 44 24 ?? E8 ?? ?? 
?? ?? A1 ?? ?? ?? ?? 89 7C 24 ?? 89 1C 24 89 44 24 ?? E8 + ?? ?? ?? ?? 8B 55 ?? 8B 45 ?? 01 D0 39 45 ?? 89 45 ?? 76 ?? B8 ?? ?? ?? ?? 89 74 24 + ?? 89 44 24 ?? 89 1C 24 E8 ?? ?? ?? ?? B8 ?? ?? ?? ?? 89 74 24 ?? 89 44 24 ?? 89 1C + 24 E8 ?? ?? ?? ?? 80 7D ?? ?? 75 ?? A1 ?? ?? ?? ?? 89 7D ?? 89 45 ?? 8B 45 ?? 89 45 + ?? 8D 45 ?? 89 44 24 ?? B8 ?? ?? ?? ?? 89 44 24 ?? 89 1C 24 E8 ?? ?? ?? ?? 8B 55 ?? + 8B 45 ?? 01 D0 39 45 ?? 89 45 ?? 77 ?? 8D 74 26 ?? 8D BC 27 ?? ?? ?? ?? 31 FF 89 1C + 24 E8 ?? ?? ?? ?? 31 C0 89 44 24 ?? 89 7C 24 ?? 89 1C 24 E8 ?? ?? ?? ?? 8B 75 ?? C7 + 45 ?? ?? ?? ?? ?? 85 F6 74 ?? 8D 75 ?? 8D 76 ?? B9 ?? ?? ?? ?? 89 74 24 ?? 89 4C 24 + ?? 89 1C 24 E8 ?? ?? ?? ?? 8B 55 ?? 8B 45 ?? 01 D0 39 45 ?? 89 45 ?? 77 ?? 89 1C 24 + E8 ?? ?? ?? ?? 89 1C 24 E8 ?? ?? ?? ?? 81 C4 ?? ?? ?? ?? 5B 5E 5F 5D C3 + } + $destroy_files_using_overwrite = { + 55 89 E5 83 EC ?? 89 5D ?? 8B 5D ?? 8D 45 ?? 89 75 ?? 89 7D ?? C7 45 ?? ?? ?? ?? ?? + C7 45 ?? ?? ?? ?? ?? 89 44 24 ?? 89 1C 24 E8 ?? ?? ?? ?? 85 C0 75 ?? 8B 5D ?? 8B 75 + ?? 8B 7D ?? 89 EC 5D C3 + } + $redundant_reboot_attempts = { + C7 04 24 ?? ?? ?? ?? E8 ?? ?? ?? ?? C7 04 24 ?? ?? ?? ?? E8 ?? ?? ?? ?? C7 04 24 ?? + ?? ?? ?? E8 ?? ?? ?? ?? C7 04 24 ?? ?? ?? ?? E8 ?? ?? ?? ?? E8 ?? ?? ?? ?? 85 C0 0F + 84 ?? ?? ?? ?? 8D B6 ?? ?? ?? ?? E8 ?? ?? ?? ?? 85 C0 74 ?? E8 ?? ?? ?? ?? 85 C0 0F + 84 ?? ?? ?? ?? E8 ?? ?? ?? ?? 85 C0 8D 76 ?? 0F 84 ?? ?? ?? ?? A1 ?? ?? ?? ?? 89 04 + 24 E8 ?? ?? ?? ?? 31 D2 83 C4 ?? 89 D0 59 5B 5E 5F 5D 8D 61 ?? C3 + } + + condition: + uint32(0)==0x464C457F and ($destroy_files_using_ioctls) and ($destroy_files_using_overwrite) and ($redundant_reboot_attempts) +} rule REVERSINGLABS_Win32_Trojan_Bibiwiper : TC_DETECTION MALICIOUS MALWARE FILE { meta: 
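Review bot: The new `REVERSINGLABS_Linux_Trojan_Acidrain` rule checks only the ELF magic (`uint32(0)==0x464C457F`) and then requires all three hex strings, and all three are 32-bit x86 code (`55 89 E5` prologues, `C7 04 24` / `89 1C 24` stack-argument stores), so in practice it matches i386 builds only, while its name and description ("detects AcidRain trojan") read as architecture-neutral. A build of the same family for another CPU architecture would not satisfy this condition; whether another rule in the bundle covers such builds is not visible in this hunk, so confirm that before relying on this update for that coverage. Making the scope explicit in the condition would document it, e.g. `uint32(0)==0x464C457F and uint16(18)==0x0003 and ...` (e_machine = EM_386 on a little-endian ELF). Because this file is a vendored YARA Forge bundle, that edit belongs upstream rather than in this copy; locally, the limit is worth recording wherever detection coverage is tracked.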
@@ -54106,8 +54326,8 @@ rule REVERSINGLABS_Win32_Trojan_Bibiwiper : TC_DETECTION MALICIOUS MALWARE FILE date = "2023-11-28" modified = "2023-11-28" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/trojan/Win32.Trojan.BiBiWiper.yara#L1-L102" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/trojan/Win32.Trojan.BiBiWiper.yara#L1-L102" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "d75954c05a8f82ad90a4adf6a2a3748928488ddebe40d8f8a790bfcde0b02a11" score = 75 quality = 90 @@ -54204,8 +54424,8 @@ rule REVERSINGLABS_Win32_Trojan_Emotet : TC_DETECTION MALICIOUS MALWARE FILE date = "2021-11-16" modified = "2021-11-16" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/trojan/Win32.Trojan.Emotet.yara#L1-L182" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/trojan/Win32.Trojan.Emotet.yara#L1-L182" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "747d603c9849a66782c95050a4a634ffdb4ce2882adcfc5d63e1f1ea1651b25e" score = 75 quality = 90 
@@ -54350,8 +54570,8 @@ rule REVERSINGLABS_Win32_Trojan_Trickbot : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/trojan/Win32.Trojan.TrickBot.yara#L1-L46" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/trojan/Win32.Trojan.TrickBot.yara#L1-L46" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e10f16c70f1ff7cf11d3e25f06e4c5d9e20c51688582d2b51322f768a8e06d7e" score = 75 quality = 90 @@ -54394,8 +54614,8 @@ rule REVERSINGLABS_Win32_Trojan_Hermeticwiper : TC_DETECTION MALICIOUS MALWARE F date = "2022-02-24" modified = "2022-02-24" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/trojan/Win32.Trojan.HermeticWiper.yara#L1-L50" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/trojan/Win32.Trojan.HermeticWiper.yara#L1-L50" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "0fa519ce8285ffe4e49c2a301e8a0fd0516a05dc6b41ee0b010fdc76dd6e195e" score = 75 quality = 90 
@@ -54447,8 +54667,8 @@ rule REVERSINGLABS_Win32_Downloader_Dlmarlboro : TC_DETECTION MALICIOUS MALWARE date = "2020-07-23" modified = "2020-07-23" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/downloader/Win32.Downloader.dlMarlboro.yara#L1-L79" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/downloader/Win32.Downloader.dlMarlboro.yara#L1-L79" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "465a3b3a9686889001ac0b929d0349e44b6015eaeed3386361366def5013164a" score = 75 quality = 90 @@ -54529,8 +54749,8 @@ rule REVERSINGLABS_Win32_PUA_Domaiq : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-28" modified = "2020-07-28" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/yara/pua/Win32.PUA.Domaiq.yara#L1-L169" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d5a78f30a1669a3dc576d45a77eeba9476795155/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/yara/pua/Win32.PUA.Domaiq.yara#L1-L169" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/a5d532bf2cd88e933a6745dd45880ba2c8604d71/LICENSE" logic_hash = "e291a639aa027a2257eec2853e40a222afabf23b32898326a1d5b48be823202c" score = 75 quality = 90 
@@ -54668,9 +54888,9 @@ rule REVERSINGLABS_Win32_PUA_Domaiq : TC_DETECTION MALICIOUS MALWARE FILE * YARA Rule Set * Repository Name: Elastic * Repository: https://github.com/elastic/protections-artifacts/ - * Retrieval Date: 2024-05-05 - * Git Commit: f98777756fcfbe5ab05a296388044a2dbb962557 - * Number of Rules: 1615 + * Retrieval Date: 2024-05-12 + * Git Commit: 3bbef930abab9814b2fdb4704be075ab1daf2ea0 + * Number of Rules: 1635 * Skipped: 0 (age), 5 (quality), 0 (score), 0 (importance) * * @@ -54780,8 +55000,8 @@ rule ELASTIC_Macos_Backdoor_Keyboardrecord_832F7Bac : FILE date = "2021-11-11" modified = "2022-07-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Backdoor_Keyboardrecord.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Backdoor_Keyboardrecord.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "570cd76bf49cf52e0cb347a68bdcf0590b2eaece134e1b1eba7e8d66261bdbe6" logic_hash = "5719681d50134edacb5341034314c33ed27e9325de0ae26b2a01d350429c533b" score = 75 
@@ -54813,8 +55033,8 @@ rule ELASTIC_Windows_Trojan_Vidar_9007Feb2 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Vidar.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Vidar.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec" logic_hash = "fcdef7397f17ee402155e526c6fa8b51f3ea96e203a095b0b4c36cb7d3cc83d1" score = 75 @@ -54842,8 +55062,8 @@ rule ELASTIC_Windows_Trojan_Vidar_114258D5 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Vidar.yar#L21-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Vidar.yar#L21-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec" logic_hash = "9ea3ea0533d14edd0332fa688497efd566a890d1507214fc8591a0a11433d060" score = 75 
@@ -54876,8 +55096,8 @@ rule ELASTIC_Windows_Trojan_Vidar_32Fea8Da : FILE MEMORY date = "2023-05-04" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Vidar.yar#L46-L66" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Vidar.yar#L46-L66" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "6f5c24fc5af2085233c96159402cec9128100c221cb6cb0d1c005ced7225e211" logic_hash = "1a18cdc3bd533c34eb05b239830ecec418dc76ee9f4fcfc48afc73b07d55b3cd" score = 75 @@ -54907,8 +55127,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_A6E956C9 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Metasploit.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Metasploit.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "fb4e3e54618075d5ef6ec98d1ba9c332ce9f677f0879e07b34a2ca08b2180dd9" score = 75 quality = 75 
@@ -54936,8 +55156,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_38B8Ceec : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Metasploit.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Metasploit.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "8e3bc02661cedb9885467373f8120542bb7fc8b0944803bc01642fbc8426298b" score = 75 quality = 75 @@ -54965,8 +55185,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_7Bc0F998 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Metasploit.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Metasploit.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "29cb48086dbcd48bd83c5042ed78370e127e1ea5170ee7383b88659b31e896b5" score = 75 quality = 75 
@@ -54994,8 +55214,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_F7F826B4 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Metasploit.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Metasploit.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "2f5264e07c65d5ef4efe49a48c24ccef9a4b9379db581d2cf18e1131982e6f2f" score = 75 quality = 75 @@ -55023,8 +55243,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_24338919 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Metasploit.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Metasploit.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "af8cceebdebca863019860afca5d7c6400b68c8450bc17b7d7b74aeab2d62d16" score = 75 quality = 75 
@@ -55052,8 +55272,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_0F5A852D : FILE MEMORY date = "2021-04-07" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Metasploit.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Metasploit.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "11cddf2191a2f70222a0c8c591e387b4b5667bc432a2f686629def9252361c1d" score = 75 quality = 75 @@ -55081,8 +55301,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_C9773203 : FILE MEMORY date = "2021-04-07" modified = "2021-08-23" reference = "https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Metasploit.yar#L121-L140" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Metasploit.yar#L121-L140" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "1d6503ccf05b8e8b4368ed0fb2e57aa2be94151ce7e2445b5face7b226a118e9" score = 75 quality = 75 
@@ -55110,8 +55330,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_Dd5Ce989 : FILE MEMORY date = "2021-04-14" modified = "2021-08-23" reference = "https://www.rapid7.com/blog/post/2015/03/25/stageless-meterpreter-payloads/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Metasploit.yar#L142-L164" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Metasploit.yar#L142-L164" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "86cf98bf854b01a55e3f306597437900e11d429ac6b7781e090eeda3a5acb360" logic_hash = "5c094979be1cd347ffee944816b819b6fbb62804b183a6120cd3a93d2759155b" score = 75 @@ -55142,8 +55362,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_96233B6B : FILE MEMORY date = "2021-06-10" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Metasploit.yar#L166-L185" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Metasploit.yar#L166-L185" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e7a2d966deea3a2df6ce1aeafa8c2caa753824215a8368e0a96b394fb46b753b" logic_hash = "09a2b9414a126367df65322966b671fe7ea963cd65ef48e316c9d139ee502d31" score = 75 
@@ -55172,8 +55392,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_4A1C4Da8 : FILE MEMORY date = "2021-06-10" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Metasploit.yar#L187-L206" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Metasploit.yar#L187-L206" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9582d37ed9de522472abe615dedef69282a40cfd58185813c1215249c24bbf22" logic_hash = "9d3a3164ed1019dcb557cf20734a81be9964a555ddb2e0104f7202880b2ed177" score = 75 @@ -55202,8 +55422,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_91Bc5D7D : FILE MEMORY date = "2021-08-02" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Metasploit.yar#L208-L226" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Metasploit.yar#L208-L226" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0dd993ff3917dc56ef02324375165f0d66506c5a9b9548eda57c58e041030987" logic_hash = "74154902b03c36a4ee9bc54ae9399bae9e6afb7fe8d0fe232b88250afc368d6f" score = 75 
@@ -55231,8 +55451,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_A91A6571 : FILE MEMORY date = "2022-06-08" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Metasploit.yar#L228-L246" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Metasploit.yar#L228-L246" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ff7795edff95a45b15b03d698cbdf70c19bc452daf4e2d5e86b2bbac55494472" logic_hash = "cc59320ba9f8907d1d9b9dc120d8b4807b419e49c55be1fd5d2cdbb0c5d4e5cc" score = 75 @@ -55260,8 +55480,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_B29Fe355 : FILE MEMORY date = "2022-06-08" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Metasploit.yar#L248-L268" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Metasploit.yar#L248-L268" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4f0ab4e42e6c10bc9e4a699d8d8819b04c17ed1917047f770dc6980a0a378a68" logic_hash = "7a2189b59175acb66a7497c692a43c413a476f5c4371f797bf03a8ddb550992c" score = 75 
@@ -55291,8 +55511,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_66140F58 : FILE MEMORY date = "2022-08-15" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Metasploit.yar#L270-L288" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Metasploit.yar#L270-L288" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "01a0c5630fbbfc7043d21a789440fa9dadc6e4f79640b370f1a21c6ebf6a710a" logic_hash = "0a855b7296f7cea39cc5d57b239d3906133ea43a0811ec60e4d91765cf89aced" score = 75 @@ -55320,8 +55540,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_2092C42A : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Metasploit.yar#L290-L309" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Metasploit.yar#L290-L309" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e47d88c11a89dcc84257841de0c9f1ec388698006f55a0e15567354b33f07d3c" logic_hash = "83c46c6b957f10d406ea9985c518eb2fba3e82b9023bfdefa8bdd4be7fb67826" score = 75 
@@ -55350,8 +55570,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_46E1C247 : FILE MEMORY date = "2023-05-10" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Metasploit.yar#L311-L330" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Metasploit.yar#L311-L330" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ef70e1faa3b1f40d92b0a161c96e13c96c43ec6651e7c87ee3977ed07b950bab" logic_hash = "760a4e28e312a7d744208dc833ffad8d139ce7c536b407625a7fb0dff5ddb1d1" score = 75 @@ -55380,8 +55600,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_B62Aac1E : FILE MEMORY date = "2023-05-10" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Metasploit.yar#L332-L351" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Metasploit.yar#L332-L351" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "af9af81f7e46217330b447900f80c9ce38171655becb3b63e51f913b95c71e70" logic_hash = "3ef6b7fb258b060ae00b060dbf9b07620f8cda0d9a827985bbb3ed9617969ef6" score = 75 
@@ -55410,8 +55630,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_47F5D54A : FILE MEMORY date = "2023-11-13" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Metasploit.yar#L353-L372" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Metasploit.yar#L353-L372" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "bc3754cf4a04491a7ad7a75f69dd3bb2ddf0d8592ce078b740d7c9c7bc85a7e1" logic_hash = "be080d0aae457348c4a02c204507a8cb14d1728d1bc50d7cf12b577aa06daf9f" score = 75 @@ -55440,8 +55660,8 @@ rule ELASTIC_Windows_Trojan_Lurker_0Ee51802 : FILE date = "2022-04-04" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Lurker.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Lurker.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5718fd4f807e29e48a8b6a6f4484426ba96c61ec8630dc78677686e0c9ba2b87" logic_hash = "782926c927dce82b95e51634d5607c474937e1edc0f7f739acefa0f4c03aa753" score = 75 
@@ -55469,8 +55689,8 @@ rule ELASTIC_Windows_Trojan_Carberp_D6De82Ae : FILE MEMORY date = "2021-02-07" modified = "2021-08-23" reference = "https://github.com/m0n0ph1/malware-1/blob/master/Carberp%20Botnet/source%20-%20absource/pro/all%20source/hvnc_dll/HVNC%20Lib/vnc/xvnc.h#L342" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Carberp.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Carberp.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f98fadb6feab71930bd5c08e85153898d686cc96c84fe349c00bf6d482de9b53" logic_hash = "085020755c77b299b2bfd18b34af6c68450c29de67b8ae32ddf2b26299b923ae" score = 75 @@ -55500,8 +55720,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_Aaf312C3 : FILE MEMORY date = "2022-02-02" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Multi_Ransomware_BlackCat.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Multi_Ransomware_BlackCat.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0c6f444c6940a3688ffc6f8b9d5774c032e3551ebbccb64e4280ae7fc1fac479" logic_hash = "0771ab5a795af164a568bda036cccf08afeb33458f2cd5a7240349fca9b60ead" score = 75 
@@ -55530,8 +55750,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_00E525D7 : FILE MEMORY date = "2022-02-02" modified = "2022-08-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Multi_Ransomware_BlackCat.yar#L22-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Multi_Ransomware_BlackCat.yar#L22-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0c6f444c6940a3688ffc6f8b9d5774c032e3551ebbccb64e4280ae7fc1fac479" logic_hash = "e44625d0fa8308b9d4d63a9e6920b4da4a2ce124437f122b2c8fe5cf0ab85a6b" score = 75 @@ -55562,8 +55782,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_C4B043E6 : FILE MEMORY date = "2022-09-12" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Multi_Ransomware_BlackCat.yar#L45-L63" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Multi_Ransomware_BlackCat.yar#L45-L63" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "45b8678f74d29c87e2d06410245ab6c2762b76190594cafc9543fb9db90f3d4f" logic_hash = "1262ca76581920f08a6482ead68023fdfff08a9ddd19e00230054e3167dc184c" score = 75 
@@ -55591,8 +55811,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_70171625 : FILE MEMORY date = "2023-01-05" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Multi_Ransomware_BlackCat.yar#L65-L91" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Multi_Ransomware_BlackCat.yar#L65-L91" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0c6f444c6940a3688ffc6f8b9d5774c032e3551ebbccb64e4280ae7fc1fac479" logic_hash = "fd07acd7c8627754f000c44827848bf65bcaa96f2dfb46e41542f3c9b40eee78" score = 75 @@ -55628,8 +55848,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_E066D802 : FILE MEMORY date = "2023-07-27" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Multi_Ransomware_BlackCat.yar#L93-L113" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Multi_Ransomware_BlackCat.yar#L93-L113" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "00360830bf5886288f23784b8df82804bf6f22258e410740db481df8a7701525" logic_hash = "00fbb8013faf26c35b6cd8a72ebc246444c37c5ec7a0df2295830e96c01c8720" score = 75 
@@ -55659,8 +55879,8 @@ rule ELASTIC_Linux_Exploit_CVE_2021_3490_D369D615 : FILE MEMORY CVE_2021_3490 date = "2021-11-12" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2021_3490.yar#L1-L30" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2021_3490.yar#L1-L30" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e65ba616942fd1e893e10898d546fe54458debbc42e0d6826aff7a4bb4b2cf19" logic_hash = "6fa4b36366d2c255f5ccf0e22a06c7e17df74fddd06963787dbcd713b3e8aca6" score = 75 @@ -55699,8 +55919,8 @@ rule ELASTIC_Windows_Vulndriver_Powerprofiler_2Eedff78 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_PowerProfiler.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_PowerProfiler.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0af5ccb3d33a9ba92071c9637be6254030d61998733a5eb3583e865e17844e05" logic_hash = "c4a7ae2ffdf70984cea5b543af93b202c78b6108da1e442186d24071b44d6259" score = 75 
@@ -55730,8 +55950,8 @@ rule ELASTIC_Windows_Ransomware_Avoslocker_7Ae4D4F2 : FILE MEMORY date = "2021-07-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Avoslocker.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Avoslocker.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856" logic_hash = "c87faf6f128fd6a8cabd68ec8de72fb10e6be42bdbe23ece374dd8f3cf0c1b15" score = 75 @@ -55763,8 +55983,8 @@ rule ELASTIC_Linux_Hacktool_Fontonlake_68Ad8568 : FILE MEMORY date = "2021-10-12" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Fontonlake.yar#L1-L30" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Fontonlake.yar#L1-L30" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "717953f52318e7687fc95626561cc607d4875d77ff7e3cf5c7b21cf91f576fa4" logic_hash = "63dd5769305c715e27e3c62160f7b0f65b57204009ed46383b5b477c67cfac8e" score = 75 
@@ -55803,8 +56023,8 @@ rule ELASTIC_Linux_Exploit_Sorso_Ecf99F8F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Sorso.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Sorso.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c0f0a7b45fb91bc18264d901c20539dd32bc03fa5b7d839a0ef5012fb0d895cd" logic_hash = "c771ff109e548e37134cd76ac668f0d4abafcf262de12b00236ad94fc11a99d1" score = 75 @@ -55832,8 +56052,8 @@ rule ELASTIC_Linux_Exploit_Sorso_91A4D487 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Sorso.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Sorso.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c0f0a7b45fb91bc18264d901c20539dd32bc03fa5b7d839a0ef5012fb0d895cd" logic_hash = "bb58c78ae3cc730aa1ef32974f65adabd63972ef181696aeb79954f904f2f405" score = 75 
@@ -55861,8 +56081,8 @@ rule ELASTIC_Linux_Exploit_Sorso_61Eae7Dd : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Sorso.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Sorso.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c0f0a7b45fb91bc18264d901c20539dd32bc03fa5b7d839a0ef5012fb0d895cd" logic_hash = "a8bc8a2c8405b80b160ad21898003781405a762c0e627f13b34e9362e0aa51a1" score = 75 @@ -55890,8 +56110,8 @@ rule ELASTIC_Windows_Trojan_Dustywarehouse_A6Cfc9F7 : FILE MEMORY date = "2023-08-25" modified = "2023-11-02" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_DustyWarehouse.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_DustyWarehouse.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8c4de69e89dcc659d2fff52d695764f1efd7e64e0a80983ce6d0cb9eeddb806c" logic_hash = "2b4cd9316e2fda882c95673edecb9c82a03ef4fdcc2d2e25783644cc5dfb5bf0" score = 75 
@@ -55923,8 +56143,8 @@ rule ELASTIC_Windows_Trojan_Amadey_7Abb059B : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Amadey.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Amadey.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e" logic_hash = "23b75d6df9e2a7f8e1efee46ecaf1fc84247312b19a8a1941ddbca1b2ce5e1db" score = 75 @@ -55952,8 +56172,8 @@ rule ELASTIC_Windows_Trojan_Amadey_C4Df8D4A : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Amadey.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Amadey.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2" logic_hash = "7f96c4de585223033fb7e7906be6d6898651ecf30be51ed01abde18ef52c0e1e" score = 75 
@@ -55981,8 +56201,8 @@ rule ELASTIC_Windows_Packer_Scrubcrypt_6A75A4Bb : FILE MEMORY date = "2023-04-18" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Packer_ScrubCrypt.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Packer_ScrubCrypt.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "05c1eea2ff8c31aa5baf1dfd8015988f7e737753275ed1c8c29013a3a7414b50" logic_hash = "edcaa6f1cc85ef084ae5bf2524f39869a90b008dce85e72bca4835565f067ca7" score = 75 @@ -56011,8 +56231,8 @@ rule ELASTIC_Windows_Vulndriver_Fiddrv_E7875A5A : FILE date = "2023-07-25" modified = "2023-07-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Vulndriver_FidDrv.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Vulndriver_FidDrv.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4bf4cced4209c73aa37a9e2bf9ff27d458d8d7201eefa6f6ad4849ee276ad158" logic_hash = "aa1635c651c8364ad2ee93b369dd583fce699001d753e46de013c476d185eef1" score = 75 
@@ -56044,8 +56264,8 @@ rule ELASTIC_Windows_Trojan_Glupteba_70557305 : FILE MEMORY date = "2021-08-08" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Glupteba.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Glupteba.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3ad13fd7968f9574d2c822e579291c77a0c525991cfb785cbe6cdd500b737218" logic_hash = "f3eee9808a1e8a2080116dda7ce795815e1179143c756ea8fdd26070f1f8f74a" score = 75 @@ -56078,8 +56298,8 @@ rule ELASTIC_Windows_Trojan_Glupteba_4669Dcd6 : FILE MEMORY date = "2021-08-08" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Glupteba.yar#L26-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Glupteba.yar#L26-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1b55042e06f218546db5ddc52d140be4303153d592dcfc1ce90e6077c05e77f7" logic_hash = "64b2099f40f94b17bc5860b41773c41322420500696d320399ff1c016cb56e15" score = 75 
@@ -56107,8 +56327,8 @@ rule ELASTIC_Windows_Trojan_Babylonrat_0F66E73B : FILE MEMORY date = "2021-09-02" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Babylonrat.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Babylonrat.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4278064ec50f87bb0471053c068b13955ed9d599434e687a64bf2060438a7511" logic_hash = "66223dc9e2ef7330e26c91f0c82c555e96e4c794a637ab2cbe36410f3eca202a" score = 75 
@@ -56130,6 +56350,59 @@ rule ELASTIC_Windows_Trojan_Babylonrat_0F66E73B : FILE MEMORY condition: all of them } +rule ELASTIC_Windows_Hacktool_Coffloader_81Ba13B8 : FILE MEMORY +{ + meta: + description = "Detects Windows Hacktool Coffloader (Windows.Hacktool.COFFLoader)" + author = "Elastic Security" + id = "81ba13b8-8994-4fe9-98e5-44514c554e8b" + date = "2024-04-22" + modified = "2024-05-08" + reference = "https://github.com/elastic/protections-artifacts/" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_COFFLoader.yar#L1-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" + hash = "c2e03659eb1594dc958e01344cfa9ba126d66736b089db5e3dd1b1c3e3e7d2f7" + logic_hash = "d4f061af200a0ae9f3276fd6dfcb09ecdf662f29b7c43ea47c69a53d9fe66793" + score = 75 + quality = 73 + tags = "FILE, MEMORY" + fingerprint = "ef9f11d9cd6c3b46f7d13ea039dcad6fa24515495466b1102ec8c1c8bed8853e" + severity = 100 + arch_context = "x86" + scan_context = "file, memory" + license = "Elastic License v2" + os = "windows" + + strings: + $a1 = "BeaconDataParse" ascii fullword + $a2 = "BeaconDataInt" ascii fullword + $a3 = "BeaconDataShort" ascii fullword + $a4 = "BeaconDataLength" ascii fullword + $a5 = "BeaconDataExtract" ascii fullword + $a6 = "BeaconFormatAlloc" ascii fullword + $a7 = "BeaconFormatReset" ascii fullword + $a8 = "BeaconFormatFree" ascii fullword + $a9 = "BeaconFormatAppend" ascii fullword + $a10 = "BeaconFormatPrintf" ascii fullword + $a11 = "BeaconFormatToString" ascii fullword + $a12 = "BeaconFormatInt" ascii fullword + $a13 = "BeaconPrintf" ascii fullword + $a14 = "BeaconOutput" ascii fullword + $a15 = "BeaconUseToken" ascii fullword + $a16 = "BeaconRevertToken" ascii fullword + $a17 = "BeaconDataParse" ascii fullword + $a18 = "BeaconIsAdmin" ascii fullword + $a19 = "BeaconGetSpawnTo" ascii fullword + $a20 = 
"BeaconSpawnTemporaryProcess" ascii fullword + $a21 = "BeaconInjectProcess" ascii fullword + $a22 = "BeaconInjectTemporaryProcess" ascii fullword + $a23 = "BeaconCleanupProcess" ascii fullword + $b1 = "COFFLoader.x64.dll" + $b2 = "COFFLoader.x86.dll" + + condition: + 5 of ($a*) or 1 of ($b*) +} rule ELASTIC_Windows_Trojan_Protects_9F6Eaa90 : FILE { meta: @@ -56139,8 +56412,8 @@ rule ELASTIC_Windows_Trojan_Protects_9F6Eaa90 : FILE date = "2022-04-04" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_ProtectS.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_ProtectS.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c0330e072b7003f55a3153ac3e0859369b9c3e22779b113284e95ce1e2ce2099" logic_hash = "ddc8c97598b2d961dc51bdf2c7ab96abcec63824acd39b767bc175371844c1e5" score = 75 
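Review bot: In the added rule ELASTIC_Windows_Hacktool_Coffloader_81Ba13B8, `$a17 = "BeaconDataParse" ascii fullword` repeats the literal already declared as `$a1`. A single occurrence of that name therefore fills two of the slots in `5 of ($a*)`, and the rule can fire on four distinct Beacon API names instead of five. Because this file is vendored under third_party/yara/YARAForge, the duplicate is best reported to the upstream rule source (dropping the `$a17` line or replacing it with the name that was intended) rather than patched locally, so the next bundle refresh does not revert it. Separately, `1 of ($b*)` matches any file or memory region containing the plain text `COFFLoader.x64.dll` or `COFFLoader.x86.dll`, which presumably includes build scripts and documentation, so hits at score 75 should be triaged as "references or embeds a COFF loader" rather than as a confirmed implant.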
@@ -56168,8 +56441,8 @@ rule ELASTIC_Linux_Downloader_Generic_0Bd15Ae0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Downloader_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Downloader_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e511efb068e76a4a939c2ce2f2f0a089ef55ca56ee5f2ba922828d23e6181f09" logic_hash = "c9558562d9e9d3b55bd1fba9e55b332e6b4db5a170e0dd349bef1e35f0c7fd21" score = 75 @@ -56197,8 +56470,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_83715433 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3648a407224634d76e82eceec84250a7506720a7f43a6ccf5873f478408fedba" logic_hash = "7a7328322c2c1e128e267e92de0964e78ad9f49b7de8ec69d7f0632c69723a7d" score = 75 
@@ -56226,8 +56499,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_28A2Fe0C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L21-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L21-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "04bbc6c40cdd71b4185222a822d18b96ec8427006221f213a1c9e4d9c689ce5c" score = 75 quality = 73 @@ -56254,8 +56527,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Eb96Cc26 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L40-L58" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L40-L58" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "440318179ba2419cfa34ea199b49ee6bdecd076883d26329bbca6dca9d39c500" logic_hash = "3d8740a6cca4856a73ea745877a3eb39cbf3ad4ca612daabd197f551116efa04" score = 75 
@@ -56283,8 +56556,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_5008Aee6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L60-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L60-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b32cd71fcfda0a2fcddad49d8c5ba8d4d68867b2ff2cb3b49d1a0e358346620c" logic_hash = "538bae17dcf0298e379f656e1dba794b75af6c7448a23253a51994bde9d30524" score = 75 @@ -56312,8 +56585,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6321B565 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L80-L98" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L80-L98" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "cd48addd392e7912ab15a5464c710055f696990fab564f29f13121e7a5e93730" logic_hash = "ad5c73ab68059101acf2fd8cfb3d676fd1ff58811e1c4b9008c291361ee951b8" score = 75 
@@ -56341,8 +56614,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A6A2Adb9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L100-L118" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L100-L118" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df" logic_hash = "8f5fc4cb1ad51178701509a44a793e119fe7e7fad97eafcac8be14fce64e3b7b" score = 75 @@ -56370,8 +56643,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_C573932B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L120-L138" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L120-L138" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68" logic_hash = "174a3fcebc1e17cc35ddc11fde1798164b5783fc51fdf16581a9690c3b4d6549" score = 75 
@@ -56399,8 +56672,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A10161Ce : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L140-L157" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L140-L157" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "12ba13a746300d1ab1d0386b86ec224eebf4e6d0b3688495c2fee6a7eccc361d" score = 75 quality = 75 @@ -56427,8 +56700,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Ae01D978 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L159-L176" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L159-L176" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "c6c22b11dc1f0d4996e5da92c6edf58b7d21d7be40da87ddd39ed0e2d4c84072" score = 75 quality = 75 
@@ -56455,8 +56728,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9E9530A7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L178-L196" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L178-L196" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961" logic_hash = "6a5a80e58c86a80f8954e678a2cc26b258d7d7c50047a3e71f3580f1780e3454" score = 75 @@ -56484,8 +56757,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_5Bf62Ce4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L198-L216" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L198-L216" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68" logic_hash = "848e0c796584cfa21afc182da5f417f5467ae84c74f52cabc13e0f5de4990232" score = 75 
@@ -56513,8 +56786,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_F3D83A74 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L218-L236" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L218-L236" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df" logic_hash = "2db46180e66c9268a97d63cd1c4eb8439e6882b4e3277bc4848e940e4d25482f" score = 75 @@ -56542,8 +56815,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_807911A2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L238-L255" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L238-L255" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "66b15304d5ed22daea666bd0e2b18726b8a058361ff8d69b974bfded933a4d8c" score = 75 quality = 75 
@@ -56570,8 +56843,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9C18716C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L257-L274" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L257-L274" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "0e70dc82b2049a6f5efcc501e18e6f87e04a2d50efcb5143240c68c4a924de52" score = 75 quality = 75 @@ -56598,8 +56871,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Fbed4652 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L276-L294" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L276-L294" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2ea21358205612f5dc0d5f417c498b236c070509531621650b8c215c98c49467" logic_hash = "fc1f501123ab7421034e183186b077f65838b475f883d4ff04e8fc8a283424ef" score = 75 
@@ -56627,8 +56900,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_94A44Aa5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L296-L314" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L296-L314" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a7694202f9c32a9d73a571a30a9e4a431d5dfd7032a500084756ba9a48055dba" logic_hash = "deb46c2960dc4868b7bac1255d8753895950bc066dec03674a714860ff72ef2c" score = 60 @@ -56656,8 +56929,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_E0673A90 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L316-L334" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L316-L334" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6" logic_hash = "149147eedd66f9ca2dad9cb69f37abc849d44331ec1b5d2917ab3867ced0b274" score = 75 
@@ -56685,8 +56958,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_821173Df : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L336-L354" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L336-L354" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "de7d1aff222c7d474e1a42b2368885ef16317e8da1ca3a63009bf06376026163" logic_hash = "1c6c7666983c43176aa1a9628fb4352f8f11729e02dda13669ca2e62aed5f4ee" score = 75 @@ -56714,8 +56987,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_31796A40 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L356-L374" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L356-L374" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "227c7f13f7bdadf6a14cc85e8d2106b9d69ab80abe6fc0056af5edef3621d4fb" logic_hash = "0e0e901d12edd77e77a205f8547f891f483fc8676493e9b7a324e970225af3c9" score = 75 
@@ -56743,8 +57016,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_750Fe002 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L376-L394" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L376-L394" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68" logic_hash = "eb9907d8a63822c2e3ab57d43dca8ede7876610f029e2f9c10c9eeace9ea0078" score = 75 @@ -56772,8 +57045,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6122Acdf : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L396-L413" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L396-L413" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "140b32a8f2b7493b068e63a05b3d9baec6ec14c9f2062c7e760dde96335e29f1" score = 75 quality = 75 
@@ -56800,8 +57073,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A0A4De11 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L415-L433" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L415-L433" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417" logic_hash = "220c6ba82b906f070123b3bae9aafa72c0fb3bc8d5858a4f4bd65567076eb73d" score = 75 @@ -56829,8 +57102,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A473Dcb6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L435-L453" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L435-L453" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "7ba74e3cb0d633de0e8dbe6cfc49d4fc77dd0c02a5f1867cc4a1f1d575def97d" logic_hash = "106ee9cd9c368674ae08b835f54dbb6918b553e3097aae9b0de88f55420f046b" score = 75 
@@ -56858,8 +57131,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_30444846 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L455-L473" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L455-L473" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c84b81d79d437bb9b8a6bad3646aef646f2a8e1f1554501139648d2f9de561da" logic_hash = "26bc95efb2ea69fece52cf3ab38ce35891c77fc0dac3e26e5580ba3a88e112e9" score = 75 @@ -56887,8 +57160,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Ea92Cca8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L475-L492" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L475-L492" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "5a9598b3fd37b15444063403a481df1a43894ddcbbd343961e1c770cb74180c9" score = 75 quality = 73 
@@ -56915,8 +57188,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D4227Dbf : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L494-L512" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L494-L512" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961" logic_hash = "7953b8d08834315a6ca2c0c8ac1ec7b74a6ffcb71cec4fc053c24e1b59232c0c" score = 75 @@ -56944,8 +57217,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_09C3070E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L514-L532" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L514-L532" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df" logic_hash = "f8f8e8883cf1e51fbaef81b8334ac5fa45a54682d285282da62c80e4aa50a48d" score = 75 
@@ -56973,8 +57246,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Fa19B8Fc : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L534-L552" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L534-L552" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a7cfc16ec33ec633cbdcbff3c4cefeed84d7cbe9ca1f4e2a3b3e43d39291cd6b" logic_hash = "cddf3b9948b9bc685ff7d4c00377d0f80861169707777022297e549bd166dbf0" score = 75 @@ -57002,8 +57275,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Eaa9A668 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L554-L572" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L554-L572" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "409c55110d392aed1a9ec98a6598fb8da86ab415534c8754aa48e3949e7c4b62" logic_hash = "05e9047342a9d081a09f8514f0ec32d72bc43a286035014ada90b0243f92cfa8" score = 75 
@@ -57031,8 +57304,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_46Eec778 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L574-L592" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L574-L592" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1" logic_hash = "08e77a31005e14a06197857301e22d20334c1f2ef7fc06a4208643438377f4c4" score = 75 @@ -57060,8 +57333,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_F51C5Ac3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L594-L612" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L594-L612" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "899c072730590003b98278bdda21c15ecaa2f49ad51e417ed59e88caf054a72d" logic_hash = "e82b5ddb760d5bdcd146e1de12ec34c4764e668543420765146e22dee6f5732b" score = 75 
@@ -57089,8 +57362,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_71E487Ea : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L614-L632" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L614-L632" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b8d044f2de21d20c7e4b43a2baf5d8cdb97fba95c3b99816848c0f214515295b" logic_hash = "3de9e0e3334e9e6e5906886f95ff8ce3596f85772dc25021fb0ee148281cf81c" score = 75 @@ -57118,8 +57391,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6620Ec67 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L634-L652" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L634-L652" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b91eb196605c155c98f824abf8afe122f113d1fed254074117652f93d0c9d6b2" logic_hash = "2df2c8cdc2cb545f916159d44a800708b55a2993cd54a4dcf920a6a8dc6361e7" score = 75 
@@ -57147,8 +57420,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D996D335 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L654-L672" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L654-L672" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda" logic_hash = "212c75ab61eac8b3ed2049966628dfc81ae5a620b4a4b38aaa0696d594910dea" score = 75 @@ -57176,8 +57449,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D0C57A2E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L674-L691" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L674-L691" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "2ac51f0943d573fdc9a39837aeefd9158c27a4b3f35fbbb0a058a88392a53c14" score = 75 quality = 75 
@@ -57204,8 +57477,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_751Acb94 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L693-L710" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L693-L710" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "1963351d209168f4ae2268d245cfd5320e4442d00746d021088ffae98e5da454" score = 75 quality = 75 @@ -57232,8 +57505,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_656Bf077 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L712-L730" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L712-L730" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6" logic_hash = "0c9728304e720eb2cd00afad8d16f309514473dece48fa94af6a72ca41705a36" score = 75 
@@ -57261,8 +57534,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_E6D75E6F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L732-L750" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L732-L750" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "48b15093f33c18778724c48c34199a420be4beb0d794e36034097806e1521eb8" logic_hash = "339dd33a3313a4a94d2515cd4c2100ac6b9d5e0029881494c28dc3e7c8a05798" score = 75 @@ -57290,8 +57563,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_7167D08F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L752-L770" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L752-L770" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68" logic_hash = "88c07bf06801192f38ef66229a0aa5c1ef6242caeb080ce1c7cd13ad0d540c82" score = 75 
@@ -57319,8 +57592,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_27De1106 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L772-L790" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L772-L790" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "899c072730590003b98278bdda21c15ecaa2f49ad51e417ed59e88caf054a72d" logic_hash = "4e266e1ae31d7d86866b112a04ca38c0a8185c18ebb10ac6497bbaa69f51b2fd" score = 75 @@ -57348,8 +57621,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_148B91A2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L792-L810" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L792-L810" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d5b2bde0749ff482dc2389971e2ac76c4b1e7b887208a538d5555f0fe6984825" logic_hash = "1a974c0882c2d088c978a52e5b535807c86f117cf2f05c40c084e849b1849f5b" score = 75 
@@ -57377,8 +57650,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_20F5E74F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L812-L830" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L812-L830" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9084b00f9bb71524987dc000fb2bc6f38e722e2be2832589ca4bb1671e852f5b" logic_hash = "067f1c15961c1ddceecb490b338db9f5b8501d89b38e870edfa628d21527dc1c" score = 75 @@ -57406,8 +57679,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_1B2E2A3A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L832-L850" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L832-L850" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "899c072730590003b98278bdda21c15ecaa2f49ad51e417ed59e88caf054a72d" logic_hash = "6f40f868d20f0125721eb2a7934b356d69b695d4a558155a2ddcd0107d3f8c30" score = 75 
@@ -57435,8 +57708,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_620087B9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L852-L870" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L852-L870" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961" logic_hash = "411451ea326498a25af8be5cd43fe0b98973af354706268c89828b88ece5e497" score = 75 @@ -57464,8 +57737,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Dd0D6173 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L872-L890" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L872-L890" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6" logic_hash = "7061edef1981e2b93bcdd8be47c0f6067acc140a543eed748bf0513f182e0a59" score = 75 
@@ -57493,8 +57766,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_779E142F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L892-L910" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L892-L910" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df" logic_hash = "80ba5a1cf333fafc6a1d7823ca4a8d5c30c1c07a01d6d681c22dd29e197089f1" score = 75 @@ -57522,8 +57795,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Cf84C9F2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L912-L930" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L912-L930" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df" logic_hash = "9af164ece7e7e0f33dc32f18735a8f655593ae6cde34e05108f3221b71aa8676" score = 75 
@@ -57551,8 +57824,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_0Cd591Cd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L932-L949" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L932-L949" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "4300bdd173dfb33ca34c0f2fe4fa6ee071e99d5db201262e914721aad0ad433b" score = 75 quality = 75 @@ -57579,8 +57852,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_859042A0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L951-L969" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L951-L969" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "41615d3f3f27f04669166fdee3996d77890016304ee87851a5f90804d6d4a0b0" logic_hash = "b8daa4a136a6511472703687fe56fbca2bd005a1373802a46c8d211b6d039d75" score = 75 
@@ -57608,8 +57881,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_33B4111A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L971-L989" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L971-L989" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961" logic_hash = "a08c0f7be26e2e9abfaa392712895bb3ce1d12583da4060ebe41e1a9c1491b7c" score = 75 @@ -57637,8 +57910,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_4F43B164 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L991-L1009" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L991-L1009" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f0fdb3de75f85e199766bbb39722865cac578cde754afa2d2f065ef028eec788" logic_hash = "79a17e70e9b7af6e53f62211c33355a4c46a82e7c4e80c20ffe9684e24155808" score = 75 
@@ -57666,8 +57939,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_E4A1982B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1011-L1028" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1011-L1028" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "4cd7aa205b3571cffca208e315d6311fa92a5993e2a8e40d342d6184811f42f0" score = 75 quality = 75 @@ -57694,8 +57967,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_862C4E0E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1030-L1048" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1030-L1048" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1" logic_hash = "a1dce44e76f9d2a517c4849c58dfecb07e1ef0d78fddff10af601184d636583f" score = 75 
@@ -57723,8 +57996,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9127F7Be : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1050-L1068" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1050-L1068" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "899c072730590003b98278bdda21c15ecaa2f49ad51e417ed59e88caf054a72d" logic_hash = "2b1fa115598561e081dfb9b5f24f6728b0d52cb81ac7933728d81646f461bcae" score = 75 @@ -57752,8 +58025,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_0E03B7D3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1070-L1087" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1070-L1087" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "845be03fac893f8e914aabda5206000dc07947ade0b8f46cc5d58d8458f035f6" score = 75 quality = 75 
@@ -57780,8 +58053,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_32Eb0C81 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1089-L1107" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1089-L1107" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df" logic_hash = "a06d9e1190ba79b0e19cab7468f01a49359629a6feb27b7d72f3d1d52d1483d7" score = 75 @@ -57809,8 +58082,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9Abf7E0C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1109-L1126" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1109-L1126" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "00276330e388d07368577c4134343cb9fc11957dba6cff5523331199f1ed04aa" score = 75 quality = 75 
@@ -57837,8 +58110,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_33801844 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1128-L1146" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1128-L1146" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2ceff60e88c30c02c1c7b12a224aba1895669aad7316a40b575579275b3edbb3" logic_hash = "20b8ebce14776e48310be099afd0dca0f28778d0024318b339b75e2689f70128" score = 75 @@ -57866,8 +58139,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A33A8363 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1148-L1165" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1148-L1165" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "3fe17dc43f07dacdad6ababf141983854b977e244c0af824fea0ab953ad70fee" score = 75 quality = 75 
@@ -57894,8 +58167,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9A62845F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1167-L1185" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1167-L1185" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f67f8566beab9d7494350923aceb0e76cd28173bdf2c4256e9d45eff7fc8cb41" logic_hash = "b3ab125c8bfb5b7a0be0e92cf5a50057e403ab3597698ec2e7a8bafa0d3a8b80" score = 75 @@ -57923,8 +58196,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_4D81Ad42 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1187-L1205" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1187-L1205" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3021a861e6f03df3e7e3919e6255bdae6e48163b9a8ba4f1a5c5dced3e3e368b" logic_hash = "57b54eed37690949ba2d4eff713691f16f00207d7b374beb7dfa2e368588dbb0" score = 75 
@@ -57952,8 +58225,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6A510422 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1207-L1225" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1207-L1225" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "4384536817bf5df223d4cf145892b7714f2dbd1748930b6cd43152d4e35c9e56" score = 75 quality = 75 @@ -57980,8 +58253,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D2953F92 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1227-L1245" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1227-L1245" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "d0af462d26f6ffe469c57d63f1f7d551e3fb9cc39c7e4c35b3e71f659c01c076" score = 75 quality = 75 
@@ -58008,8 +58281,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6Ae4B580 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1247-L1265" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1247-L1265" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "eb0fe44df1c995c5d4e3a361c3e466f78cb70bffbc76d1b7b345ee651b313b9e" score = 75 quality = 75 @@ -58036,8 +58309,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D608Cf3B : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1267-L1285" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1267-L1285" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "ad5b7d32c85adc7f778a8f4815e595b90a6f15dec048bcf97c6ab179582eb4f7" score = 75 quality = 75 
@@ -58064,8 +58337,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_3F8Cf56E : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "1878f0783085cc6beb2b81cfda304ec983374264ce54b6b98a51c09aea9f750d" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1287-L1305" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1287-L1305" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "b2cf8b1913a88e6a6346f0ac8cd2e7c33b41d44bf60ff7327ae40a2d54748bd9" score = 75 quality = 75 @@ -58092,8 +58365,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Fb14E81F : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "0fd07e6068a721774716eb4940e2c19faef02d5bdacf3b018bf5995fa98a3a27" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1307-L1325" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1307-L1325" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "2efb958c269640c374485502611372f4404cf35d7ab704d20ce37b8c1f69645d" score = 75 quality = 75 
@@ -58120,8 +58393,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_E09726Dc : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "1e64187b5e3b5fe71d34ea555ff31961404adad83f8e0bd1ce0aad056a878d73" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1327-L1345" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1327-L1345" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "ebd00e593a7fcd46e36fd0ca213e1f82c0f4a94448b6fd605d35cea45a490493" score = 75 quality = 75 @@ -58148,8 +58421,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Ad12B9B6 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "f0411131acfddb40ac8069164ce2808e9c8928709898d3fb5dc88036003fe9c8" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1347-L1365" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1347-L1365" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "72a85d14eb8ab78364ea2e8b89d9409c0046b14602f4a3415d829f4985fb2de3" score = 75 quality = 75 
@@ -58176,8 +58449,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_0535Ebf7 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1367-L1385" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1367-L1385" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "77e18bb5479b644ba01d074057c9e2bd532717f6ab3bb88ad2b7497b85d2a5de" logic_hash = "eb574468e9d371def0da74e6aba827272181399a84388a14ffb167ec6ebd40d1" score = 75 @@ -58205,8 +58478,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_32A7Edd2 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1387-L1405" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1387-L1405" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "79a75c8aa5aa0d1edef5965e1bcf8ba2f2a004a77833a74870b8377d7fde89cf" logic_hash = "af26549c1cad0975735e2c233bc71e5e1b0e283d02552fdaea02656332ecd854" score = 75 
@@ -58234,8 +58507,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D7F35B54 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1407-L1425" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1407-L1425" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "79a75c8aa5aa0d1edef5965e1bcf8ba2f2a004a77833a74870b8377d7fde89cf" logic_hash = "d827e21c09b8dce65db293aa57b39f49f034537bb708471989ad64e653c479be" score = 75 @@ -58263,8 +58536,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_F11E98Be : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1427-L1445" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1427-L1445" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "79a75c8aa5aa0d1edef5965e1bcf8ba2f2a004a77833a74870b8377d7fde89cf" logic_hash = "9b9122f0897610dff6b37446b3cecbfcec3dce8dc7e1934e78cc32d5f6ac9648" score = 75 
@@ -58292,8 +58565,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_8D4E4F4A : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gafgyt.yar#L1447-L1465" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gafgyt.yar#L1447-L1465" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "79a75c8aa5aa0d1edef5965e1bcf8ba2f2a004a77833a74870b8377d7fde89cf" logic_hash = "11ee101a936f8e6949701e840ef48a0fe102099ea3b71c790b9a5128e5c59029" score = 75 @@ -58321,8 +58594,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_03C81Bd9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Lotoor.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Lotoor.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3fc701a2caab0297112501f55eaeb05264c5e4099c411dcadc7095627e19837a" logic_hash = "dc2dfa128f509221cae8bae9864190e8316bb7a5ae081da1076081b5f4fdc870" score = 75 
@@ -58350,8 +58623,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_757637D9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Lotoor.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Lotoor.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0762fa4e0d74e3c21b2afc8e4c28e2292d1c3de3683c46b5b77f0f9fe1faeec7" logic_hash = "b1f1784aae5958740d03ca50d0b9731e8db7d86d918d16e82cf6fc1e1bf663a9" score = 75 @@ -58379,8 +58652,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_78543893 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Lotoor.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Lotoor.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ff5b02d2b4dfa9c3d53e7218533f3c57e82315be8f62aa17e26eda55a3b53479" logic_hash = "4bb6a6e063fd00569b04f4514ec1731357aa8e8ce4cfee354fdd86773a4358da" score = 75 
@@ -58408,8 +58681,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_4F8D83D2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Lotoor.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Lotoor.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d78128eca706557eeab8a454cf875362a097459347ddc32118f71bd6c73d5bbd" logic_hash = "6fee488d97fe1d4be558b6886c603010c6d1423a750783b38a65d2fb3eeb76f4" score = 75 @@ -58437,8 +58710,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_F4Afd230 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Lotoor.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Lotoor.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "805e900ffc9edb9f550dcbc938a3b06d28e9e7d3fb604ff68a311a0accbcd2b1" logic_hash = "9aba4ebbf946f07071bfb94fa50c6981ae8c659aca9ee6e05c7ef214432d7466" score = 75 
@@ -58466,8 +58739,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_Bb384Bc9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Lotoor.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Lotoor.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ecc6635117b99419255af5d292a7af3887b06d5f3b0f59d158281eebfe606445" logic_hash = "1e9faba4f245d8b0d6944430286a5fc3e11cd7e036a4151b29fc2c5f037894fb" score = 75 @@ -58495,8 +58768,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_B293F6Ec : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Lotoor.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Lotoor.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d1fa8520d3c3811d29c3d5702e7e0e7296b3faef0553835c495223a2bc015214" logic_hash = "0e310082714f5283f9b4ccde5a8e17994e3bc4acf3d744b22734c136dde7cebb" score = 75 
@@ -58524,8 +58797,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_C5983669 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Lotoor.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Lotoor.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d08be92a484991afae3567256b6cec60a53400e0e9b6f6b4d5c416a22ccca1cf" logic_hash = "ff673070969f1ededf8ff2c7cadfc251c7d2e52da58906b15cfc04593a755d55" score = 75 @@ -58553,8 +58826,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_Fbff22Da : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Lotoor.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Lotoor.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0762fa4e0d74e3c21b2afc8e4c28e2292d1c3de3683c46b5b77f0f9fe1faeec7" logic_hash = "d3e3037593f5714dfb49c6e19631fd46331e2702c8bf6d6099bb5b34158321a9" score = 75 
@@ -58582,8 +58855,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_E2D5Fad8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Lotoor.yar#L181-L199" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Lotoor.yar#L181-L199" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "7e54e57db3de32555c15e529c04b35f52d75af630e45b5f8d6c21149866b6929" logic_hash = "b294ce1c4d928d73342bb6260456d850f9c59f3c48c7c4ffbce32ea9238f6eee" score = 75 @@ -58611,8 +58884,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_F2F8Eb6B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Lotoor.yar#L201-L219" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Lotoor.yar#L201-L219" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "01721b9c024ca943f42c402a57f45bd4c77203a604c5c2cd26e5670df76a95b2" logic_hash = "b6555e69b663591550976fd44352ecbdf0a0aef1e07a64396a576125a4fe4ba6" score = 75 
@@ -58640,8 +58913,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_89671B03 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Lotoor.yar#L241-L259" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Lotoor.yar#L241-L259" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "001098473574cfac1edaca9f1180ab2005569e094be63186c45b48c18f880cf8" logic_hash = "dfa7027c4fa0cbde33df87063fea4ecf51a085f3cc1805123c62747882d0a07e" score = 75 @@ -58669,8 +58942,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_Dbc73Db0 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Lotoor.yar#L261-L279" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Lotoor.yar#L261-L279" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9fe78e4dd7975856a74d8dfd83e69793a769143e0fe6994cbc3ef28ea37d6cf8" logic_hash = "4a7453342fd72dacb781919d3fac3bab02e7ef7c882d5938a2e0e1274c704705" score = 75 
@@ -58698,8 +58971,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_Ec339160 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Lotoor.yar#L281-L299" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Lotoor.yar#L281-L299" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0002b469972f5c77a29e2a2719186059a3e96a6f4b1ef2d18a68fee3205ea0ba" logic_hash = "9c1d1254093b172798024c42a6d78f5e6720d20b8c2a8ad4ca26c8e88e42f0e8" score = 75 @@ -58727,8 +59000,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_7Cd57E18 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Lotoor.yar#L301-L319" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Lotoor.yar#L301-L319" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1eecf16dae302ae788d1bc81278139cd9f6af52d7bed48b8677b35ba5eb14e30" logic_hash = "97604cdc9daa9993b9a18dc5df7ab105a5e6001129bcfcfeeb86640bee26f59d" score = 75 
@@ -58756,8 +59029,8 @@ rule ELASTIC_Windows_Ransomware_Generic_99F5A632 : FILE MEMORY date = "2022-02-24" modified = "2022-02-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Generic.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Generic.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382" logic_hash = "2284cfc91d17816f1733e8fe319af52bc66af467364d27f84e213082c216ae8b" score = 75 @@ -58788,8 +59061,8 @@ rule ELASTIC_Linux_Trojan_Patpooty_E2E0Dff1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Patpooty.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Patpooty.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d38b9e76cbc863f69b29fc47262ceafd26ac476b0ae6283d3fa50985f93bedf3" logic_hash = "ec7d12296383ca0ed20e3221fb96b9dbdaf6cc7f07f5c8383e43489a9fd6fcfe" score = 75 
@@ -58817,8 +59090,8 @@ rule ELASTIC_Linux_Trojan_Patpooty_F90C7E43 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Patpooty.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Patpooty.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "79475a66be8741d9884bc60f593c81a44bdb212592cd1a7b6130166a724cb3d3" logic_hash = "2d995722b06ce51a5378e395896764421f84afcf6b13855a87ed43d9b9e38982" score = 75 @@ -58846,8 +59119,8 @@ rule ELASTIC_Windows_Trojan_Bughatch_21269Be4 : FILE MEMORY date = "2022-05-09" modified = "2022-06-09" reference = "https://www.elastic.co/security-labs/bughatch-malware-analysis" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Bughatch.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Bughatch.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b495456a2239f3ba48e43ef295d6c00066473d6a7991051e1705a48746e8051f" logic_hash = "a8a2cae51a31e48ffe729df61ec96e3257f9c997ad5234075f85ed55de96f11d" score = 75 
@@ -58877,8 +59150,8 @@ rule ELASTIC_Windows_Trojan_Bughatch_98F3C0Be : FILE MEMORY date = "2022-05-09" modified = "2022-06-09" reference = "https://www.elastic.co/security-labs/bughatch-malware-analysis" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Bughatch.yar#L24-L51" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Bughatch.yar#L24-L51" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b495456a2239f3ba48e43ef295d6c00066473d6a7991051e1705a48746e8051f" logic_hash = "d578515fece7bd464bb09cc5ddb5caf70f4022e8b10388db689e67e662d57f66" score = 75 @@ -58914,8 +59187,8 @@ rule ELASTIC_Linux_Exploit_CVE_2009_2908_406C2Fef : FILE MEMORY CVE_2009_2908 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2009_2908.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2009_2908.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1e05a23f5b3b9cfde183aec26b723147e1816b95dc0fb7f9ac57376efcb22fcd" logic_hash = "ae379ca7564eb97f141f6ad71ca12973bf1a38cda4bc03e3f4dca1939a9b6b38" score = 75 
@@ -58943,8 +59216,8 @@ rule ELASTIC_Linux_Trojan_Dnsamp_C31Eebd4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Dnsamp.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Dnsamp.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4b86de97819a49a90961d59f9c3ab9f8e57e19add9fe1237d2a2948b4ff22de6" logic_hash = "b998065eff9f67a1cdf19644a13edb0cef3c619d8b6e16c412d58f5d538e4617" score = 75 @@ -58972,8 +59245,8 @@ rule ELASTIC_Linux_Trojan_Orbit_57C23178 : FILE MEMORY date = "2022-07-20" modified = "2022-08-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Orbit.yar#L1-L40" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Orbit.yar#L1-L40" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "40b5127c8cf9d6bec4dbeb61ba766a95c7b2d0cafafcb82ede5a3a679a3e3020" logic_hash = "25b29e874ea9d400662418ddbb1c995a5a5b49f8ba6f51f59f7aa57cdda74054" score = 75 
@@ -59022,8 +59295,8 @@ rule ELASTIC_Windows_Trojan_Bandook_38497690 : FILE MEMORY date = "2022-08-10" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Bandook.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Bandook.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4d079586a51168aac708a9ab7d11a5a49dfe7a16d9ced852fbbc5884020c0c97" logic_hash = "199614993f63636764808313f25199348afdf4d537c8dca06f673559e34636b8" score = 75 @@ -59056,8 +59329,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_D3Ac2B2F : FILE MEMORY date = "2021-03-22" modified = "2022-06-20" reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_AgentTesla.yar#L1-L58" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_AgentTesla.yar#L1-L58" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4" logic_hash = "9c13a99107593d476de1522ced10aa43d34535b844e8c3ae871b22358137c926" score = 75 
@@ -59123,8 +59396,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_E577E17E : FILE MEMORY date = "2022-03-11" modified = "2022-04-12" reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_AgentTesla.yar#L60-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_AgentTesla.yar#L60-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ed43ddb536e6c3f8513213cd6eb2e890b73e26d5543c0ba1deb2690b5c0385b6" logic_hash = "84c5f1096735cee0f0f4ad41a81286c0a60dc17c276f23568b855271d996c8a2" score = 75 @@ -59152,8 +59425,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_F2A90D14 : FILE MEMORY date = "2022-03-11" modified = "2022-04-12" reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_AgentTesla.yar#L81-L100" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_AgentTesla.yar#L81-L100" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ed43ddb536e6c3f8513213cd6eb2e890b73e26d5543c0ba1deb2690b5c0385b6" logic_hash = "3f39b773f2b1524b05d3c1d9aa1fb54594ec9003d2e9da342b6d17ba885f5a03" score = 75 
@@ -59181,8 +59454,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_A2D69E48 : FILE MEMORY date = "2023-05-01" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_AgentTesla.yar#L102-L122" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_AgentTesla.yar#L102-L122" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "edef51e59d10993155104d90fcd80175daa5ade63fec260e3272f17b237a6f44" logic_hash = "1f90be86b7afa7f518a3dcec55028bfc915cf6d4fed1350a56e351946cc55f41" score = 75 @@ -59211,8 +59484,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_Ebf431A8 : FILE MEMORY date = "2023-12-01" modified = "2024-01-12" reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_AgentTesla.yar#L124-L148" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_AgentTesla.yar#L124-L148" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0cb3051a80a0515ce715b71fdf64abebfb8c71b9814903cb9abcf16c0403f62b" logic_hash = "b02d6e2d68b336aaa37336e0c0c3ffa6c7a126bfcdb6cb6ad5a3432004c6030c" score = 75 
@@ -59245,8 +59518,8 @@ rule ELASTIC_Windows_Ransomware_Maze_61254061 : BETA FILE MEMORY date = "2020-04-18" modified = "2021-08-23" reference = "https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Maze.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Maze.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "b8537add953cdd7bc6adbff97f7f5a94de028709f0bd71102ee96d26d55f4f20" score = 75 quality = 75 @@ -59275,8 +59548,8 @@ rule ELASTIC_Windows_Ransomware_Maze_46F40C40 : BETA FILE MEMORY date = "2020-04-18" modified = "2021-10-04" reference = "https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Maze.yar#L23-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Maze.yar#L23-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "99180f41aaaf1dfb0a8a40709dcc392fdbc2b2d3a4d4b4a1ab160dd5f2b4c703" score = 75 quality = 75 
@@ -59306,8 +59579,8 @@ rule ELASTIC_Windows_Ransomware_Maze_20Caee5B : BETA FILE MEMORY date = "2020-04-18" modified = "2021-08-23" reference = "https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Maze.yar#L46-L71" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Maze.yar#L46-L71" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "e09c059b285d2176aeba1a1f70d39f13cef4e05dc023c7db25fb9d92bd9a67d9" score = 75 quality = 75 @@ -59341,8 +59614,8 @@ rule ELASTIC_Windows_Ransomware_Maze_F88F136F : BETA FILE MEMORY date = "2020-04-18" modified = "2021-08-23" reference = "https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Maze.yar#L73-L94" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Maze.yar#L73-L94" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "5587f332a076650f6ad7b1e3b464ef6085d960e6dacf53607cf75c9f9ad07628" score = 75 quality = 75 
@@ -59372,8 +59645,8 @@ rule ELASTIC_Linux_Trojan_Sdbot_98628Ea1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Sdbot.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Sdbot.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5568ae1f8a1eb879eb4705db5b3820e36c5ecea41eb54a8eef5b742f477cbdd8" logic_hash = "55b8e3fa755965b85a043015f9303644b8e06fe8bfdc0e2062de75bdc2881541" score = 75 @@ -59401,8 +59674,8 @@ rule ELASTIC_Windows_Vulndriver_Arpot_09C714C5 : FILE date = "2022-04-27" modified = "2022-05-03" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_ArPot.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_ArPot.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4b5229b3250c8c08b98cb710d6c056144271de099a57ae09f5d2097fc41bd4f1" logic_hash = "e5f972ad9a31aefbd20237e6ea3dd19a025c2e3487fa080e9f9b8acf1e3f58e6" score = 75 
@@ -59432,8 +59705,8 @@ rule ELASTIC_Linux_Exploit_Race_758A0884 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Race.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Race.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a4966baaa34b05cb782071ef114a53cac164e6dece275c862fe96a2cff4a6f06" logic_hash = "ccba0e2ddefd53939cda6b4985def2d487ac5916cbad7374ac3143f02b9f7ff5" score = 75 @@ -59461,8 +59734,8 @@ rule ELASTIC_Windows_Trojan_Zloader_5Dd0A0Bf : FILE MEMORY date = "2022-03-03" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Zloader.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Zloader.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "161e657587361b29cdb883a6836566a946d9d3e5175e166a9fe54981d0c667fa" logic_hash = "1446a4147e1b06fa66907de857011079c55a8e6bf84276eb8518d33468ba1f83" score = 75 
@@ -59490,8 +59763,8 @@ rule ELASTIC_Windows_Trojan_Zloader_4Fe0F7F1 : FILE MEMORY date = "2022-03-03" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Zloader.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Zloader.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "161e657587361b29cdb883a6836566a946d9d3e5175e166a9fe54981d0c667fa" logic_hash = "b20fafc9db08c7668b49e18f45632594c3a69ec65fe865e79379c544fc424f8d" score = 75 @@ -59519,8 +59792,8 @@ rule ELASTIC_Windows_Trojan_Zloader_363C65Ed : FILE MEMORY date = "2022-03-03" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Zloader.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Zloader.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "161e657587361b29cdb883a6836566a946d9d3e5175e166a9fe54981d0c667fa" logic_hash = "d3c530f9929db709067a9e1cc59b9cda9dcd8e19352c79ddaf7af6c91b242afd" score = 75 
@@ -59548,8 +59821,8 @@ rule ELASTIC_Windows_Trojan_Zloader_79535191 : FILE MEMORY date = "2022-03-03" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Zloader.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Zloader.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "161e657587361b29cdb883a6836566a946d9d3e5175e166a9fe54981d0c667fa" logic_hash = "c398a8ca46c6fe3e59481a092867be77a94809b1568cea918aa6450374063857" score = 75 @@ -59577,8 +59850,8 @@ rule ELASTIC_Windows_Trojan_Raccoon_Af6Decc6 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Raccoon.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Raccoon.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fe09bef10b21f085e9ca411e24e0602392ab5044b7268eaa95fb88790f1a124d" logic_hash = "50ec446e8fd51129c7333c943dfe62db099fe1379530441f6b102fcbe3bc0dbd" score = 75 
@@ -59607,8 +59880,8 @@ rule ELASTIC_Windows_Trojan_Raccoon_58091F64 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Raccoon.yar#L22-L40" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Raccoon.yar#L22-L40" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fe09bef10b21f085e9ca411e24e0602392ab5044b7268eaa95fb88790f1a124d" logic_hash = "8a7388e9c3dd0dd1a79215dbabcd964a0afa883490611afb6bb500635fbfff9a" score = 75 @@ -59636,8 +59909,8 @@ rule ELASTIC_Windows_Trojan_Raccoon_Deb6325C : FILE MEMORY date = "2022-06-28" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Raccoon.yar#L42-L63" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Raccoon.yar#L42-L63" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27" logic_hash = "94f70c60ed4fab021e013cf6a632321e0e1bdeef25a48a598d9e7388e7e445ca" score = 75 
@@ -59668,8 +59941,8 @@ rule ELASTIC_Windows_Trojan_Xworm_732E6C12 : FILE MEMORY date = "2023-04-03" modified = "2023-04-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Xworm.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Xworm.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "bf5ea8d5fd573abb86de0f27e64df194e7f9efbaadd5063dee8ff9c5c3baeaa2" logic_hash = "6aa72029eeeb2edd2472bf0db80b9c0ae4033d7d977cbee75ac94414d1cdff7a" score = 75 @@ -59703,8 +59976,8 @@ rule ELASTIC_Windows_Ransomware_Hellokitty_8859E8E8 : FILE MEMORY date = "2021-05-03" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Hellokitty.yar#L1-L32" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Hellokitty.yar#L1-L32" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3ae7bedf236d4e53a33f3a3e1e80eae2d93e91b1988da2f7fcb8fde5dcc3a0e9" logic_hash = "72cc718724d9d9a391a9f7a0932ebf397c2ab79558437533bef6e380b06baff9" score = 75 
@@ -59745,8 +60018,8 @@ rule ELASTIC_Windows_Ransomware_Hellokitty_4B668121 : FILE MEMORY date = "2021-05-03" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Hellokitty.yar#L34-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Hellokitty.yar#L34-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9a7daafc56300bd94ceef23eac56a0735b63ec6b9a7a409fb5a9b63efe1aa0b0" logic_hash = "00c7a492c304f12b9909e35cf069618a1103311a69e3e8951ca196c3c663b12a" score = 75 @@ -59781,8 +60054,8 @@ rule ELASTIC_Windows_Ransomware_Hellokitty_D9391A1A : FILE MEMORY date = "2021-05-03" modified = "2023-01-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Hellokitty.yar#L61-L80" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Hellokitty.yar#L61-L80" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "10887d13dba1f83ef34e047455a04416d25a83079a7f3798ce3483e0526e3768" logic_hash = "074ca47c0526d9828f3c07c7d6dbdd1cec609670d70340b022ae2c712ad80305" score = 75 
@@ -59811,8 +60084,8 @@ rule ELASTIC_Linux_Backdoor_Fontonlake_Fe916A45 : FILE MEMORY date = "2021-10-12" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Backdoor_Fontonlake.yar#L1-L29" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Backdoor_Fontonlake.yar#L1-L29" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8a0a9740cf928b3bd1157a9044c6aced0dfeef3aa25e9ff9c93e113cbc1117ee" logic_hash = "590b28264345ea0bdbd53791f422cb4f1fad143df2b790824fc182356a568d7d" score = 75 @@ -59850,8 +60123,8 @@ rule ELASTIC_Windows_Hacktool_Sharphound_5Adf9D6D : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_SharpHound.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_SharpHound.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1f74ed6e61880d19e53cde5b0d67a0507bfda0be661860300dcb0f20ea9a45f4" logic_hash = "2c9f38187866985109a42ffdf8940b5d195aadd3815b2de952b190d4b0b95c3c" score = 75 
@@ -59883,8 +60156,8 @@ rule ELASTIC_Windows_Hacktool_Darkloadlibrary_C25Ee4Eb : FILE MEMORY date = "2022-12-02" modified = "2023-01-11" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_DarkLoadLibrary.yar#L1-L29" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_DarkLoadLibrary.yar#L1-L29" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5546194a71bc449789c3697f9c106860ac0a21e1ccf2b1196120b3f92f4b5306" logic_hash = "c585abbe72834e9ba2e5f1c8070a43b0f10c2b574c72ffe1def4bfd431096415" score = 75 @@ -59922,8 +60195,8 @@ rule ELASTIC_Windows_Vulndriver_Gdrv_5368078B : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_GDrv.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_GDrv.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427" logic_hash = "f4d43ac4a4b6d879ffb5ba637b38ec75c8b57f531db644015c1a71c2cdea45d5" score = 75 
@@ -59953,8 +60226,8 @@ rule ELASTIC_Linux_Backdoor_Generic_Babf9101 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Backdoor_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Backdoor_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9ea73d2c2a5f480ae343846e2b6dd791937577cb2b3d8358f5b6ede8f3696b86" logic_hash = "40084f3bed66c1d4a1cd2ffca99fd6789c8ed2db04031e4d4a4926b41d622355" score = 75 @@ -59982,8 +60255,8 @@ rule ELASTIC_Linux_Backdoor_Generic_5776Ae49 : FILE MEMORY date = "2021-04-06" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Backdoor_Generic.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Backdoor_Generic.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e247a5decb5184fd5dee0d209018e402c053f4a950dae23be59b71c082eb910c" logic_hash = "b606f12c47182d80e07f8715639c3cc73753274bd8833cb9f6380879356a2b12" score = 75 
@@ -60011,8 +60284,8 @@ rule ELASTIC_Windows_Ransomware_Sodinokibi_83F05Fbe : BETA FILE MEMORY date = "2020-06-18" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.revil" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Sodinokibi.yar#L1-L34" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Sodinokibi.yar#L1-L34" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "c88fc2690deae3700e605b2affb5ecac3d1ffc92435f33209f31897d28715b8c" score = 75 quality = 73 @@ -60053,8 +60326,8 @@ rule ELASTIC_Windows_Ransomware_Sodinokibi_182B2Cea : BETA FILE MEMORY date = "2020-06-18" modified = "2021-10-04" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.revil" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Sodinokibi.yar#L36-L62" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Sodinokibi.yar#L36-L62" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "1c23effe5f8b35c5e03ebd5e57664c8937259d464f92dda0a9df344b982e8f8c" score = 75 quality = 75 
@@ -60088,8 +60361,8 @@ rule ELASTIC_Windows_Ransomware_Sodinokibi_A282Ba44 : BETA FILE MEMORY date = "2020-06-18" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.revil" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Sodinokibi.yar#L64-L91" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Sodinokibi.yar#L64-L91" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "3a583069c9ab851a90f3a61c9c4fa67f8b918b8d168fcf7f25b2a3ae3465c596" score = 75 quality = 75 @@ -60124,8 +60397,8 @@ rule ELASTIC_Windows_Vulndriver_Mhyprot_26214176 : FILE date = "2022-08-25" modified = "2022-08-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Mhyprot.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Mhyprot.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "509628b6d16d2428031311d7bd2add8d5f5160e9ecc0cd909f1e82bbbb3234d6" logic_hash = "61d1713c689b9d663f2d3360d07735b07ca10365b5ce424b2df726bd6cc434d3" score = 75 
@@ -60156,8 +60429,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_825B6808 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "7db9a0760dd16e23cb299559a0e31a431b836a105d5309a9880fa4b821937659" logic_hash = "f5f997d8401f1505e81072dcb0e24ad7a78f0b56133698b70d8dd93ef25ddaf3" score = 75 @@ -60185,8 +60458,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_A44Ab8Cd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4b2068a4a666b0279358b8eb4f480d2df4c518a8b4518d0d77c6687c3bff0a32" logic_hash = "a0501f76aff532366292189d34a57844ba999748b94f349be2f391dfd96e2106" score = 75 
@@ -60214,8 +60487,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_7026F674 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b7a77ebb66664c54d01a57abed5bb034ef2933a9590b595bba0566938b099438" logic_hash = "ec8ece1f922260f620fb30d82469f77a4d0239da536fc464fc37a3943cd6e463" score = 75 @@ -60243,8 +60516,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_761Ad88E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1d88971f342e4bc4e6615e42080a3b6cec9f84912aa273c36fc46aaf86ff6771" logic_hash = "2b0c64da713e2f8ff671cbe086638810bc02a983d42851e78c68a57bde9f023c" score = 75 
@@ -60272,8 +60545,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_B93655D3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L81-L98" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L81-L98" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "34cb06385543c6c2c562f757df2f641d8402e7c9f95fa924e17652a1c38d695f" score = 75 quality = 75 @@ -60300,8 +60573,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_Af9F75E6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L100-L118" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L100-L118" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "bf6f3ffaf94444a09b69cbd4c8c0224d7eb98eb41514bdc3f58c1fb90ac0e705" logic_hash = "b74f5fad3c7219038e51eb4fa12fb9d55d7f65a9f4bab0adff8609fabb0afdab" score = 75 
@@ -60329,8 +60602,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_1Bf0E994 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L120-L138" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L120-L138" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1ea2dc13eec0d7a8ec20307f5afac8e9344d827a6037bb96a54ad7b12f65b59c" logic_hash = "2c1099b8078ac306f7cb67be5b5b5e34f57414b9aa26bdd6c26d3636c80846cd" score = 75 @@ -60358,8 +60631,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_D710A5Da : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L140-L158" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L140-L158" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ba895a9c449bf9bf6c092df88b6d862a3e8ed4079ef795e5520cb163a45bcdb4" logic_hash = "118a29cc0ccd191181dabc134de282ba134e041113faaa4d95e0aa201646438b" score = 75 
@@ -60387,8 +60660,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_F434A3Fb : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L160-L178" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L160-L178" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ba895a9c449bf9bf6c092df88b6d862a3e8ed4079ef795e5520cb163a45bcdb4" logic_hash = "11b173f73b87f50775be50c6b4528bd9b148ea4266297aec76ae126cab0facb0" score = 75 @@ -60416,8 +60689,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_A2795A4C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L180-L198" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L180-L198" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9a564d6b29d2aaff960e6f84cd0ef4c701fefa2a62e2ea690106f3fdbabb0d71" logic_hash = "18e15b8a417f9ff2fd9277a01eb3224c761807ce9541ece568f4525ae66eb81f" score = 75 
@@ -60445,8 +60718,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_678C1145 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L200-L218" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L200-L218" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "559793b9cb5340478f76aaf5f81c8dbfbcfa826657713d5257dac3c496b243a6" logic_hash = "5ff15c8d92bca62700bbb67aeebc41fd603687dbc0c93733955bf59375df40a1" score = 60 @@ -60474,8 +60747,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_3Cbdfb1F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L220-L238" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L220-L238" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "bd40ac964f3ad2011841c7eb4bf7cab332d4d95191122e830ab031dc9511c079" logic_hash = "38e8ca59bf55c32b99aa76a89f60edcf09956b7cad0b4745fab92eca327c52db" score = 75 
@@ -60503,8 +60776,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_8B63Ff02 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L240-L258" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L240-L258" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a57de6cd3468f55b4bfded5f1eed610fdb2cbffbb584660ae000c20663d5b304" logic_hash = "3b68353c8eeb21a3eba7a02ae76b66b4f094ec52d5309582544d247cc6548da3" score = 75 @@ -60532,8 +60805,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_30973084 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L260-L278" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L260-L278" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a22ffa748bcaaed801f48f38b26a9cfdd5e62183a9f6f31c8a1d4a8443bf62a4" logic_hash = "d965a032c0fb6020c6187aa3117f7251dd8c9287c45453e3d5ae2ac62b3067bb" score = 75 
@@ -60561,8 +60834,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_1Cfa95Dd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L280-L298" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L280-L298" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1d88971f342e4bc4e6615e42080a3b6cec9f84912aa273c36fc46aaf86ff6771" logic_hash = "f73a96cc379c8dc060bfe5668ef7e47c5bcd037b3f41c300ef20c2f2f653cb00" score = 75 @@ -60590,8 +60863,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_25C48456 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L300-L318" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L300-L318" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "eba6f3e4f7b53e22522d82bdbdf5271c3fc701cbe07e9ecb7b4c0b85adc9d6b4" logic_hash = "4ed4b901fccaed834b9908fb447da1521bf31f283ae55b6d8f6090814cf8fcd2" score = 75 
@@ -60619,8 +60892,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_B1Ca2Abd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L320-L338" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L320-L338" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1d88971f342e4bc4e6615e42080a3b6cec9f84912aa273c36fc46aaf86ff6771" logic_hash = "05b906a9823bf9ba25ba1ed490beb8f338429cbc744ca230c5c4cbb41ab9f140" score = 75 @@ -60648,8 +60921,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_Cce8C792 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L340-L358" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L340-L358" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ea56da9584fc36dc67cb1e746bd13c95c4d878f9d594e33221baad7e01571ee6" logic_hash = "14700d24e8682ec04f2aae02f5820c4d956db60583b1bc61038b47e709705d0d" score = 75 
@@ -60677,8 +60950,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_4Bcea1C4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L360-L378" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L360-L378" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9a564d6b29d2aaff960e6f84cd0ef4c701fefa2a62e2ea690106f3fdbabb0d71" logic_hash = "76019729a3a33fc04ff983f38b4fbf174a66da7ffc05cd07eb93e3cd5aecaaa2" score = 75 @@ -60706,8 +60979,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_Ab561A1B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L380-L398" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L380-L398" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1b7df0d491974bead05d04ede6cf763ecac30ecff4d27bb4097c90cc9c3f4155" logic_hash = "5720d2ada4b33514f2d528417876606d2951786df8b0512f9e8833b8ec87127a" score = 75 
@@ -60735,8 +61008,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_1A4Eb229 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L400-L418" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L400-L418" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "bf6f3ffaf94444a09b69cbd4c8c0224d7eb98eb41514bdc3f58c1fb90ac0e705" logic_hash = "83b04e366a05a46ad67b9aaf6b9658520e119003cd65941dd69416cbc5229c30" score = 75 @@ -60764,8 +61037,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_51Ef0659 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L420-L438" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L420-L438" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b7a2bc75dd9c44c38b2a6e4e7e579142ece92a75b8a3f815940c5aa31470be2b" logic_hash = "26dd95cb1cdaec10d408e294a3baca85d741cf5e56649cdcc79ef7216e4cb440" score = 75 
@@ -60793,8 +61066,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_D90C4Cbe : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L440-L458" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L440-L458" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "409c55110d392aed1a9ec98a6598fb8da86ab415534c8754aa48e3949e7c4b62" logic_hash = "145d32f8a06af18e6f13b0905cc51fd7b1a9e00b41b0f0a5d537ada2b54a94b5" score = 75 @@ -60822,8 +61095,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_C680C9Fd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L460-L478" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L460-L478" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ea56da9584fc36dc67cb1e746bd13c95c4d878f9d594e33221baad7e01571ee6" logic_hash = "a283132ffdd109b8b1f01e5a3e2700b70b742945c7ae8b15b2b244fb249a5e3d" score = 75 
@@ -60851,8 +61124,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_E63396F4 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L480-L498" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L480-L498" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "913e6d2538bd7eed3a8f3d958cf445fe11c5c299a70e5385e0df6a9b2f638323" logic_hash = "d3f7c62a7411caf86ee574a686b4b1972066602f89d39ae9e49ba66d9917c7c9" score = 75 @@ -60880,8 +61153,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_7D5355Da : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "03397525f90c8c2242058d2f6afc81ceab199c5abcab8fd460fabb6b083d8d20" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L500-L518" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L500-L518" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "b4540f941ca1a36c460d056ef263ebd67c6388f3f6f373f50371f7cca2739bc4" score = 75 quality = 75 
@@ -60908,8 +61181,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_A9E8A90F : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "0558cf8cab0ba1515b3b69ac32975e5e18d754874e7a54d19098e7240ebf44e4" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L520-L538" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L520-L538" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "8f1fcb736a9363142a25426ef2d166f92526bffaf8069f1b12056c9cf5825379" score = 75 quality = 75 @@ -60936,8 +61209,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_A598192A : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "101f2240cd032831b9c0930a68ea6f74688f68ae801c776c71b488e17bc71871" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L540-L558" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L540-L558" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "19909f53acca8c84125c95fc651765a25162c5f916366da8351e67675393e583" score = 75 quality = 75 
@@ -60964,8 +61237,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_53Bf4E37 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "101f2240cd032831b9c0930a68ea6f74688f68ae801c776c71b488e17bc71871" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L560-L578" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L560-L578" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "d1aabf8067b74dac114e197722d51c4bbb9a78e6ba9b5401399930c29d55bdcc" score = 75 quality = 75 @@ -60992,8 +61265,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_50158A6E : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "1e0cdb655e48d21a6b02d2e1e62052ffaaec9fdfe65a3d180fc8afabc249e1d8" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L580-L598" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L580-L598" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "67c22fcf514a3e8c2c27817798c796aacf00ba82e1090894aa2c1170a1e2a096" score = 75 quality = 75 
@@ -61020,8 +61293,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_F454Ec10 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "0297e1ad6e180af85256a175183102776212d324a2ce0c4f32e8a44a2e2e9dad" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L600-L618" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L600-L618" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "e5afb215632ad6359ba95df86316d496ea5e36edb79901c34e0710a6bd9c97d1" score = 75 quality = 75 @@ -61048,8 +61321,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_9417F77B : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "60ff13e27dad5e6eadb04011aa653a15e1a07200b6630fdd0d0d72a9ba797d68" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Flooder.yar#L620-L638" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Flooder.yar#L620-L638" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "470b7e44cd875b1f6abcfa5e4d33d2808a65630dc914b38643c9efb14db5f1ff" score = 75 quality = 75 
@@ -61076,8 +61349,8 @@ rule ELASTIC_Windows_Trojan_Darkcloud_9905Abce : FILE MEMORY date = "2023-05-03" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_DarkCloud.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_DarkCloud.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "500cb8459c19acd5a1144c4b509c14dbddec74ad623896bfe946fde1cd99a571" logic_hash = "27d3841d6acf87f5c9c03d643c7859d9eaf42e49ed0241b761f858c669c4e931" score = 75 @@ -61106,8 +61379,8 @@ rule ELASTIC_Windows_Trojan_Xtremerat_Cd5B60Be : FILE MEMORY date = "2022-03-15" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_XtremeRAT.yar#L1-L28" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_XtremeRAT.yar#L1-L28" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "735f7bf255bdc5ce8e69259c8e24164e5364aeac3ee78782b7b5275c1d793da8" logic_hash = "a6997ae4842bd45c440925ef2a5848b57c58e2373c0971ce6b328ea297ee97b4" score = 75 
@@ -61144,8 +61417,8 @@ rule ELASTIC_Linux_Cryptominer_Miancha_646803Ef : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Miancha.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Miancha.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4c7761c9376ed065887dc6ce852491641419eb2d1f393c37ed0a5cb29bd108d4" logic_hash = "8fd386c0e7037565e8ab206642cc8c11f05ca727b365b94ffdd991f4bed95556" score = 75 @@ -61173,8 +61446,8 @@ rule ELASTIC_Linux_Trojan_Dofloo_Be1973Ed : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Dofloo.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Dofloo.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "88d826bac06c29e1b9024baaf90783e15d87d2a5c8c97426cbd5a70ae0f99461" logic_hash = "65f9daabf44006fe4405032bf93570185248bc62cd287650c68f854b23aa2158" score = 75 
@@ -61202,8 +61475,8 @@ rule ELASTIC_Linux_Trojan_Dofloo_1D057993 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Dofloo.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Dofloo.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "88d826bac06c29e1b9024baaf90783e15d87d2a5c8c97426cbd5a70ae0f99461" logic_hash = "c5e15e21946816052d5a8dc293db3830f1d6d06cdbf22eb8667b655206dbbc1f" score = 75 @@ -61231,8 +61504,8 @@ rule ELASTIC_Linux_Trojan_Dofloo_29C12775 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Dofloo.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Dofloo.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "88d826bac06c29e1b9024baaf90783e15d87d2a5c8c97426cbd5a70ae0f99461" logic_hash = "a8eb79fdf57811f4ffd5a7c5ec54cf46c06281f8cd4d677aec1ad168d6648a08" score = 75 
@@ -61260,8 +61533,8 @@ rule ELASTIC_Linux_Hacktool_Exploitscan_4327F817 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Exploitscan.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Exploitscan.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "66c6d0e58916d863a1a973b4f5cb7d691fbd01d26b408dbc8c74f0f1e4088dfb" logic_hash = "7797d9bd75dff355e1ee84b856e77cf9e886dfe727fb8ce7a6fdbe5ed1eb0985" score = 75 @@ -61289,8 +61562,8 @@ rule ELASTIC_Windows_Trojan_Diamondfox_18Bc11E3 : FILE MEMORY date = "2022-03-02" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_DiamondFox.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_DiamondFox.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a44c46d4b9cf1254aaabd1e689f84c4d2c3dd213597f827acabface03a1ae6d1" logic_hash = "c64e4b3349b33cfd0fec1fe41f91ad819bb6b6751e822d7ab8d14638ad27571d" score = 75 
@@ -61322,8 +61595,8 @@ rule ELASTIC_Windows_Hacktool_Cheatengine_Fedac96D : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_CheatEngine.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_CheatEngine.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b20b339a7b61dc7dbc9a36c45492ba9654a8b8a7c8cbc202ed1dfed427cfd799" logic_hash = "426b6d388f86dd935d8165af0fb7c8491c987542755ec4c7c53a35a9003f8680" score = 75 @@ -61352,8 +61625,8 @@ rule ELASTIC_Windows_Trojan_Stealc_B8Ab9Ab5 : FILE MEMORY date = "2024-03-13" modified = "2024-03-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Stealc.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Stealc.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0d1c07c84c54348db1637e21260dbed09bd6b7e675ef58e003d0fe8f017fd2c8" logic_hash = "5fc5d5cea481d1d204d1aa6c52679a23eb59438df2fe547d14c00524772867bb" score = 75 
@@ -61389,8 +61662,8 @@ rule ELASTIC_Windows_Trojan_Stealc_A2B71Dc4 : FILE MEMORY date = "2024-03-13" modified = "2024-03-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Stealc.yar#L29-L50" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Stealc.yar#L29-L50" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0d1c07c84c54348db1637e21260dbed09bd6b7e675ef58e003d0fe8f017fd2c8" logic_hash = "b79ac3e65cd7d2819d6a49f59ec661241c97174f66a7c4ada91932f10fc43583" score = 75 @@ -61421,8 +61694,8 @@ rule ELASTIC_Windows_Ransomware_Wannacry_D9855102 : FILE MEMORY date = "2022-08-29" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_WannaCry.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_WannaCry.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0b7878babbaf7c63d808f3ce32c7306cb785fdfb1ceb73be07fb48fdd091fdfb" logic_hash = "5edf6a42c9f20de3819b46f24be243940b79e7e9004fee3d601794ea0b534cf1" score = 75 
@@ -61457,8 +61730,8 @@ rule ELASTIC_Windows_Ransomware_Blackbasta_494D3C54 : FILE MEMORY date = "2022-08-06" modified = "2022-08-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_BlackBasta.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_BlackBasta.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "357fe8c56e246ffacd54d12f4deb9f1adb25cb772b5cd2436246da3f2d01c222" logic_hash = "1ecb3c95a2d3f91d267f0b625fffc8477612fde9de3942eff8eb13115c0af6b8" score = 75 @@ -61494,8 +61767,8 @@ rule ELASTIC_Windows_Trojan_Formbook_1112E116 : FILE MEMORY date = "2021-06-14" modified = "2021-08-23" reference = "https://www.elastic.co/security-labs/formbook-adopts-cab-less-approach" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Formbook.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Formbook.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a" logic_hash = "ec307a8681fa01fc0c7c0579b0e3eff10e7f373159ad58dae0a358ff16fbc10b" score = 75 
@@ -61526,8 +61799,8 @@ rule ELASTIC_Windows_Trojan_Formbook_772Cc62D : FILE MEMORY date = "2022-05-23" modified = "2022-07-18" reference = "https://www.elastic.co/security-labs/formbook-adopts-cab-less-approach" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Formbook.yar#L25-L46" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Formbook.yar#L25-L46" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "db9ab8df029856fc1c210499ed8e1b92c9722f7aa2264363670c47b51ec8fa83" score = 75 quality = 25 @@ -61557,8 +61830,8 @@ rule ELASTIC_Windows_Trojan_Formbook_5799D1F2 : FILE MEMORY date = "2022-06-08" modified = "2022-09-29" reference = "https://www.elastic.co/security-labs/formbook-adopts-cab-less-approach" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Formbook.yar#L48-L67" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Formbook.yar#L48-L67" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8555a6d313cb17f958fc2e08d6c042aaff9ceda967f8598ac65ab6333d14efd9" logic_hash = "8e61eabd11beb9fb35c016983cfb3085f5ceddfc8268522f3b48d20be5b5df6a" score = 75 
@@ -61586,8 +61859,8 @@ rule ELASTIC_Linux_Ransomware_Echoraix_Ea9532Df : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_EchoRaix.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_EchoRaix.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "dfe32d97eb48fb2afc295eecfda3196cba5d27ced6217532d119a764071c6297" logic_hash = "4944f5a2632bfe0abebfa6f658ed3f71e4d97efcb428ed0987e2071dfd66e6a9" score = 75 @@ -61615,8 +61888,8 @@ rule ELASTIC_Linux_Ransomware_Echoraix_Ee0C719A : FILE MEMORY date = "2023-07-29" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_EchoRaix.yar#L21-L40" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_EchoRaix.yar#L21-L40" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e711b2d9323582aa390cf34846a2064457ae065c7d2ee1a78f5ed0859b40f9c0" logic_hash = "3ca12ea0f1794935ea570dda83f33d04ffb19b6664cc1c8b1cbeed59ac04a01a" score = 75 
@@ -61645,8 +61918,8 @@ rule ELASTIC_Windows_Ransomware_Royal_B7D42109 : FILE MEMORY date = "2022-11-04" modified = "2022-12-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Royal.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Royal.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "491c2b32095174b9de2fd799732a6f84878c2e23b9bb560cd3155cbdc65e2b80" logic_hash = "06f4a1487e97e0b8c1f5df380ab4f90b37ef0a508aba7dac272c16c8371d8143" score = 75 @@ -61677,8 +61950,8 @@ rule ELASTIC_Linux_Ransomware_Redalert_39642D52 : FILE MEMORY date = "2022-07-06" modified = "2022-08-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_RedAlert.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_RedAlert.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "039e1765de1cdec65ad5e49266ab794f8e5642adb0bdeb78d8c0b77e8b34ae09" logic_hash = "fa8fc16f0c8a55dd78781d334d7f55db6aa5e60f76cebf5282150af8ceb08dc3" score = 75 
@@ -61710,8 +61983,8 @@ rule ELASTIC_Windows_Trojan_Oskistealer_A158B1E3 : FILE MEMORY date = "2022-03-21" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_OskiStealer.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_OskiStealer.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "568cd515c9a3bce7ef21520761b02cbfc95d8884d5b2dc38fc352af92356c694" logic_hash = "0ddbe0b234ed60f5a3fc537cdaebf39f639ee24fd66143c9036a9f4786d4c51b" score = 75 @@ -61743,8 +62016,8 @@ rule ELASTIC_Linux_Trojan_Shellbot_65Aa6568 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Shellbot.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Shellbot.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "457d1f4e1db41a9bdbfad78a6815f42e45da16ad0252673b9a2b5dcefc02c47b" logic_hash = "46558801151ddc2f25bf46a278719f027acca2a18d2a9fcb275f4d787fbb1f0b" score = 75 
@@ -61772,8 +62045,8 @@ rule ELASTIC_Windows_Trojan_Plugx_5F3844Ff : FILE MEMORY date = "2023-08-28" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_PlugX.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_PlugX.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a823380e46878dfa8deb3ca0dc394db1db23bb2544e2d6e49c0eceeffb595875" logic_hash = "a1a484f4cf00ec0775a3f322bae66ce5f9cc52f08306b38f079445233c49bf52" score = 75 @@ -61805,8 +62078,8 @@ rule ELASTIC_Windows_Trojan_Matanbuchus_B521801B : FILE MEMORY date = "2022-03-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Matanbuchus.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Matanbuchus.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2" logic_hash = "609a0941b118d737124a5cd9c98c007e21557a239cfa3cf97cd3b4348c934f03" score = 75 
@@ -61837,8 +62110,8 @@ rule ELASTIC_Windows_Trojan_Matanbuchus_4Ce9Affb : FILE MEMORY date = "2022-03-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Matanbuchus.yar#L24-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Matanbuchus.yar#L24-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2" logic_hash = "16441eb4617b6b3cb1e7d600959a5cbfe15c72c00361b45551b7ef4c81f78462" score = 75 @@ -61866,8 +62139,8 @@ rule ELASTIC_Windows_Trojan_Matanbuchus_58A61Aaa : FILE MEMORY date = "2022-03-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Matanbuchus.yar#L44-L62" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Matanbuchus.yar#L44-L62" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2" logic_hash = "7226e2f61bd6f1cca15c1f3f8d8697cb277d1e214f756295ffda5bc16304cc49" score = 75 
@@ -61895,8 +62168,8 @@ rule ELASTIC_Windows_Trojan_Matanbuchus_C7811Ccc : FILE MEMORY date = "2022-03-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Matanbuchus.yar#L64-L82" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Matanbuchus.yar#L64-L82" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2" logic_hash = "e65dc05f6d9289a42c05afdc4da0ce1c18c1129dd87688a277ece925e83d7ef1" score = 75 @@ -61924,8 +62197,8 @@ rule ELASTIC_Windows_Trojan_Avemaria_31D2Bce9 : FILE MEMORY date = "2021-05-30" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_AveMaria.yar#L1-L31" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_AveMaria.yar#L1-L31" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b" logic_hash = "7ba59c3be07e35b415719b60b14a0f629619e5729c20f50f00dbea0c2f8bd026" score = 75 
@@ -61965,8 +62238,8 @@ rule ELASTIC_Linux_Trojan_Sckit_A244328F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Sckit.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Sckit.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "685da66303a007322d235b7808190c3ea78a828679277e8e03e6d8d511df0a30" logic_hash = "8001c9fcf9f8b70c3e27554156b0b26ddcd6cab36bf97cf3b89a4c43c9ad883c" score = 75 @@ -61994,8 +62267,8 @@ rule ELASTIC_Linux_Ransomware_Monti_9C64F016 : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_Monti.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_Monti.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ad8d1b28405d9aebae6f42db1a09daec471bf342e9e0a10ab4e0a258a7fa8713" logic_hash = "c22a4efaaf97d68deaf1978e637dd7f790541e5007c6323629bcc9e3d4eecd06" score = 75 
@@ -62026,8 +62299,8 @@ rule ELASTIC_Multi_Trojan_Coreimpact_37703Dc3 : FILE MEMORY date = "2022-08-10" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Multi_Trojan_Coreimpact.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Multi_Trojan_Coreimpact.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2d954908da9f63cd3942c0df2e8bb5fe861ac5a336ddef2bd0a977cebe030ad7" logic_hash = "0695f22d6eb8c1b335c43213087539db419562bebd6f5b948cbb168c454bd37c" score = 75 @@ -62059,8 +62332,8 @@ rule ELASTIC_Linux_Trojan_Connectback_Bf194C93 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Connectback.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Connectback.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "6784cb86460bddf1226f71f5f5361463cbda487f813d19cd88e8a4a1eb1a417b" logic_hash = "148626e05caee4a2b2542726ea4e4dab074eeab0572a65fdbd32f5d96544daf8" score = 75 
@@ -62088,8 +62361,8 @@ rule ELASTIC_Linux_Exploit_Moogrey_81131B66 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Moogrey.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Moogrey.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "cc27b9755bd9feb1fb2c510f66e36c20a1503e6769cdaeee2bea7fe962d22ccc" logic_hash = "dc2fe7caa38f665d24bbc673ff63491ebdeec8d56a420092243ce241238846cf" score = 75 @@ -62117,8 +62390,8 @@ rule ELASTIC_Windows_Vulndriver_Procexp_Aeb4E5C0 : FILE date = "2022-04-04" modified = "2022-10-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_ProcExp.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_ProcExp.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "440883cd9d6a76db5e53517d0ec7fe13d5a50d2f6a7f91ecfc863bc3490e4f5c" logic_hash = "827bb2efb6d3442233f81e87a42a3f5ee5caaeadc459070c6d347c6515866c93" score = 75 
@@ -62148,8 +62421,8 @@ rule ELASTIC_Windows_Trojan_Pingpull_09Dd9559 : FILE MEMORY date = "2022-06-16" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Pingpull.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Pingpull.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "de14f22c88e552b61c62ab28d27a617fb8c0737350ca7c631de5680850282761" logic_hash = "114674b1a9acfc7643138d3b07885343a50c9d319b8d22a6ef34e916685c4469" score = 75 @@ -62183,8 +62456,8 @@ rule ELASTIC_Windows_Vulndriver_Sandra_5D112Feb : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Sandra.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Sandra.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3a364a7a3f6c0f2f925a060e84fb18b16c118125165b5ea6c94363221dc1b6de" logic_hash = "d234a1e74234400f51c2aa7a9fb1549be1bc422bdf585db7d2ec9ad1ec75e490" score = 75 
@@ -62214,8 +62487,8 @@ rule ELASTIC_Windows_Vulndriver_Sandra_612A7A16 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Sandra.yar#L23-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Sandra.yar#L23-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "8fda0e1775d903b73836d4103f6e8b0e2f052026b3acdb07bd345b9ddb3c873a" score = 75 quality = 75 @@ -62244,8 +62517,8 @@ rule ELASTIC_Linux_Exploit_CVE_2014_3153_1C1E02Ad : FILE MEMORY CVE_2014_3153 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2014_3153.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2014_3153.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "64b8c61b73f0c0c0bd44ea5c2bcfb7b665fcca219dbe074a4a16ae20cd565812" logic_hash = "42e9de7f306343c4c3e7fd02b414b429faacb837fb2910f98f0c1519da40074c" score = 75 
@@ -62273,8 +62546,8 @@ rule ELASTIC_Windows_Ransomware_Dharma_Aa5Eefed : BETA FILE MEMORY date = "2020-06-25" modified = "2021-08-23" reference = "https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Dharma.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Dharma.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "bbafc2eac17562f315b09fa42eb601d0140152917d7962429df3a378abe67732" score = 75 quality = 75 @@ -62303,8 +62576,8 @@ rule ELASTIC_Windows_Ransomware_Dharma_B31Cac3F : BETA FILE MEMORY date = "2020-06-25" modified = "2021-08-23" reference = "https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Dharma.yar#L23-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Dharma.yar#L23-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "30500e35721e9db3d63cafa5ca10818557fa9f4e0bda9c0d02283183508cf7b5" score = 75 quality = 75 
@@ -62334,8 +62607,8 @@ rule ELASTIC_Windows_Ransomware_Dharma_E9319E4A : BETA FILE MEMORY date = "2020-06-25" modified = "2021-08-23" reference = "https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Dharma.yar#L46-L65" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Dharma.yar#L46-L65" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "182ed508d645a0b1fab80fb6f975a05d33b64c43005bd3656df6470934cd71f4" score = 75 quality = 75 @@ -62363,8 +62636,8 @@ rule ELASTIC_Windows_Ransomware_Dharma_942142E3 : BETA FILE MEMORY date = "2020-06-25" modified = "2021-08-23" reference = "https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Dharma.yar#L67-L86" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Dharma.yar#L67-L86" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "af5068ef3442964e4d1c5e27090fb84eaf762ff23463b7a0c2902e523ae601c1" score = 75 quality = 75 
@@ -62392,8 +62665,8 @@ rule ELASTIC_Windows_Remoteadmin_Ultravnc_965F054A : FILE MEMORY date = "2023-03-18" modified = "2023-04-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_RemoteAdmin_UltraVNC.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_RemoteAdmin_UltraVNC.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "59bddb5ccdc1c37c838c8a3d96a865a28c75b5807415fd931eaff0af931d1820" logic_hash = "a9b9d0958f09b23fa7b27ef7ec32b3feb98edca3be5a21552a3a2f50e3fd41c1" score = 75 @@ -62427,8 +62700,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_4557_B7E15F5E : FILE MEMORY CVE_2016_4557 date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2016_4557.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2016_4557.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "bbed2f81104b5eb4a8475deff73b29a350dc8b0f96dcc4987d0112b993675271" logic_hash = "9c40233fec9607404ca4f78313e0f62922180e5ef88dbf801dd60725af61bdde" score = 75 
@@ -62456,8 +62729,8 @@ rule ELASTIC_Linux_Ransomware_Blacksuit_9F53E7E5 : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_BlackSuit.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_BlackSuit.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1c849adcccad4643303297fb66bfe81c5536be39a87601d67664af1d14e02b9e" logic_hash = "121e0139385cfef5dff394c4ea36d950314b00c6d7021cf2ca667ee942e74763" score = 75 @@ -62487,8 +62760,8 @@ rule ELASTIC_Macos_Virus_Pirrit_271B8Ed0 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Virus_Pirrit.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Virus_Pirrit.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "7feda05d41b09c06a08c167c7f4dde597ac775c54bf0d74a82aa533644035177" logic_hash = "cb77f6df1403afbc7f45d30551559b6de7eb1c3434778b46d31754da0a1b1f10" score = 75 
@@ -62516,8 +62789,8 @@ rule ELASTIC_Windows_Vulndriver_Viragt_5F92F226 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Viragt.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Viragt.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e05eeb2b8c18ad2cb2d1038c043d770a0d51b96b748bc34be3e7fc6f3790ce53" logic_hash = "e7ade7aec563c1dc602dfd7fda8c063058f47ae2a915959468792fce389b38f1" score = 75 @@ -62547,8 +62820,8 @@ rule ELASTIC_Windows_Vulndriver_Viragt_84D508Ad : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Viragt.yar#L23-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Viragt.yar#L23-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "58a74dceb2022cd8a358b92acd1b48a5e01c524c3b0195d7033e4bd55eff4495" logic_hash = "a3e1b41155c7dd347976a1057cb763ab60c50c34e981fef050bd54f060a412fc" score = 75 
@@ -62578,8 +62851,8 @@ rule ELASTIC_Windows_Trojan_Azorult_38Fce9Ea : FILE MEMORY date = "2021-08-05" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Azorult.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Azorult.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491" logic_hash = "e23b21992b7ff577d4521c733929638522f4bf57b54c72e5e46196d028d6be26" score = 75 @@ -62611,8 +62884,8 @@ rule ELASTIC_Windows_Vulndriver_Atillk_18316Dd9 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Atillk.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Atillk.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ad40e6d0f77c0e579fb87c5106bf6de3d1a9f30ee2fbf8c9c011f377fa05f173" logic_hash = "02d218d0a0ea447e4ad0b03bff50c307ca5f36b8ed268787cd73c88a05aa4214" score = 75 
@@ -62642,8 +62915,8 @@ rule ELASTIC_Windows_Ransomware_Ragnarok_1Cab7Ea1 : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://twitter.com/malwrhunterteam/status/1256263426441125888?s=20" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Ragnarok.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Ragnarok.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "8bae3ea4304473209fc770673b680154bf227ce30f6299101d93fe830da0fe91" score = 75 quality = 73 @@ -62671,8 +62944,8 @@ rule ELASTIC_Windows_Ransomware_Ragnarok_7E802F95 : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://twitter.com/malwrhunterteam/status/1256263426441125888?s=20" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Ragnarok.yar#L22-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Ragnarok.yar#L22-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "8f293cdbdc3c395e18c304dfa43d0dcdb52b18bde5b5d084190ceec70aea6cbd" score = 75 quality = 75 
@@ -62701,8 +62974,8 @@ rule ELASTIC_Windows_Ransomware_Ragnarok_Efafbe48 : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://twitter.com/malwrhunterteam/status/1256263426441125888?s=20" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Ragnarok.yar#L44-L71" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Ragnarok.yar#L44-L71" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "c9d203620e0e6e04d717595ca70a5e5efa74abfc11e4e732d729caab2d246c27" score = 75 quality = 75 @@ -62738,8 +63011,8 @@ rule ELASTIC_Windows_Ransomware_Ragnarok_5625D3F6 : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://twitter.com/malwrhunterteam/status/1256263426441125888?s=20" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Ragnarok.yar#L73-L95" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Ragnarok.yar#L73-L95" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "8c22cf9dfbeba7391f6d2370c88129650ef4c778464e676752de1d0fd9c5b34e" score = 75 quality = 75 
@@ -62770,8 +63043,8 @@ rule ELASTIC_Windows_Ransomware_Haron_A1C12E7E : FILE MEMORY date = "2021-08-03" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Haron.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Haron.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "6e6b78a1df17d6718daa857827a2a364b7627d9bfd6672406ad72b276014209c" logic_hash = "84df5a13495acee5dc2007cf1d6e1828a832d46fcbad2ca8676643fd47756248" score = 75 @@ -62800,8 +63073,8 @@ rule ELASTIC_Windows_Ransomware_Haron_23B76Cb7 : FILE MEMORY date = "2021-08-03" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Haron.yar#L22-L41" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Haron.yar#L22-L41" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "6e6b78a1df17d6718daa857827a2a364b7627d9bfd6672406ad72b276014209c" logic_hash = "e53c92be617444da0057680ee1ac45cbc1f707194281644bececa44e4ebe3580" score = 75 
@@ -62830,8 +63103,8 @@ rule ELASTIC_Windows_Trojan_Pandastealer_8B333E76 : FILE MEMORY
 date = "2021-09-02"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Pandastealer.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Pandastealer.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "ec346bd56be375b695b4bc76720959fa07d1357ffc3783eb61de9b8d91b3d935"
 logic_hash = "5878799338fc18bac0f946faeadd59c921dee32c9391fc12d22c72c0cd6733a8"
 score = 75
@@ -62863,8 +63136,8 @@ rule ELASTIC_Windows_Vulndriver_Rweverything_Aee156A5 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_RWEverything.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_RWEverything.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "3c5bf92c26398695f9ced7ce647a7e9f6ddcc89eea66b45aa3607196a187431b"
 logic_hash = "46b7f2ad46564c6b99f0df6146dff7c88ccbe3ad6c6d1bcbefe756606c4fe40e"
 score = 75
@@ -62893,8 +63166,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_52A15A93 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mobidash.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mobidash.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083"
 logic_hash = "ceaf5b06108baa6043e31010d777099ed6ac9b4054e86d41309bd7c2b0ffda11"
 score = 75
@@ -62922,8 +63195,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_D0Ad9C82 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mobidash.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mobidash.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083"
 logic_hash = "8351cb61f5b712c65962e734a7c29271fa4805720e14b6badc9bc1c0364778f8"
 score = 75
@@ -62951,8 +63224,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_E2C89606 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mobidash.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mobidash.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083"
 logic_hash = "64cb8d8ec04a53f663b216208279afba3c10f148fe99822f9a45100a4f73ed28"
 score = 75
@@ -62980,8 +63253,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_82B4E3F3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mobidash.yar#L61-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mobidash.yar#L61-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "8c91f85bc807605a3233d28a5eb8b6e1cf847fb288cbc4427e86226eed7a2055"
 score = 75
 quality = 75
@@ -63008,8 +63281,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_601352Dc : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mobidash.yar#L80-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mobidash.yar#L80-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "5714e130075f4780e025fb3810f58a63e618659ac34d12abe211a1b6f2f80269"
 logic_hash = "adeeea73b711fc867b88775c06a14011380118ed85691660ba771381e51160e3"
 score = 75
@@ -63037,8 +63310,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_Ddca1181 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mobidash.yar#L100-L117"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mobidash.yar#L100-L117"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "076d4ac69f6bc29975b22e19d429c25ef357443ec8fcaf5165e0a8069112af74"
 score = 75
 quality = 75
@@ -63065,8 +63338,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_65E666C0 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mobidash.yar#L119-L137"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mobidash.yar#L119-L137"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "19f9b5382d3e8e604be321aefd47cb72c2337a170403613b853307c266d065dd"
 logic_hash = "2d2bec8f89986b19bf1c806b6654405ac6523f49aeafd759b7631d9587d780c8"
 score = 75
@@ -63094,8 +63367,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_494D5B0F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mobidash.yar#L139-L157"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mobidash.yar#L139-L157"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "7e08df5279f4d22f1f27553946b0dadd60bb8242d522a8dceb45ab7636433c2f"
 logic_hash = "6ddb94f9f44fe749a442592d491343a99bd870ea2d79596631d857516425e72b"
 score = 75
@@ -63123,8 +63396,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_Bb4F7F39 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mobidash.yar#L159-L177"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mobidash.yar#L159-L177"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083"
 logic_hash = "33e8fcbb29cc38b4a8365845eb3a1488e13be964f7383b28a158a98fb259acb4"
 score = 75
@@ -63152,8 +63425,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_8679E1Cb : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mobidash.yar#L179-L196"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mobidash.yar#L179-L196"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "6055ac4800397f6582e60cdf15fa74584986e1e7cf49a541b0ec746445834819"
 score = 75
 quality = 75
@@ -63180,8 +63453,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_29B86E6A : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mobidash.yar#L198-L215"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mobidash.yar#L198-L215"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "dd5f44249cc4c91f39a0e7d0b236ebeed8f78d5fcb03c7ebc80ef1c738b18336"
 score = 75
 quality = 75
@@ -63208,8 +63481,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_E3086563 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mobidash.yar#L217-L235"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mobidash.yar#L217-L235"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083"
 logic_hash = "5545f7ce8fa45dc56bc4bb5140ce1db527997dfaa1dd2bbb1e4a12af45300065"
 score = 75
@@ -63237,8 +63510,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_2F114992 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mobidash.yar#L237-L255"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mobidash.yar#L237-L255"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083"
 logic_hash = "f93fe72e08c8ec135cccc8cdab2ecedbb694e9ad39f2572d060864bb3290e25c"
 score = 75
@@ -63257,6 +63530,42 @@ rule ELASTIC_Linux_Trojan_Mobidash_2F114992 : FILE MEMORY
 condition:
 all of them
 }
+rule ELASTIC_Windows_Trojan_Falsefont_D1F0D357 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Trojan Falsefont (Windows.Trojan.FalseFont)"
+ author = "Elastic Security"
+ id = "d1f0d357-26cb-4dab-8ca6-65f17109982b"
+ date = "2024-03-26"
+ modified = "2024-05-08"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_FalseFont.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
+ hash = "364275326bbfc4a3b89233dabdaf3230a3d149ab774678342a40644ad9f8d614"
+ logic_hash = "af356dec77f773cec01626a3823dbea7e9d3719b9d152ec4057c0b97efabf0df"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "ad63447832e9a160d479fccd780de89b9c29b9697f69ac3553e39bc388d49b83"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $s1 = "KillById"
+ $s2 = "KillByName"
+ $s3 = "SignalRHub"
+ $s4 = "ExecUseShell"
+ $s5 = "ExecAndKeepAlive"
+ $s6 = "SendAllDirectoryWithStartPath"
+ $s7 = "AppLiveDirectorySendHard"
+ $s8 = "AppLiveDirectorySendScreen"
+
+ condition:
+ 4 of them
+}
 rule ELASTIC_Linux_Hacktool_Aduh_6Cae7C78 : FILE MEMORY
 {
 meta:
@@ -63266,8 +63575,8 @@ rule ELASTIC_Linux_Hacktool_Aduh_6Cae7C78 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Aduh.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Aduh.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "9c67207546ad274dc78a0819444d1c8805537f9ac36d3c53eba9278ed44b360c"
 logic_hash = "130df108de5b6cdfb9227f96301bdaa1e272d47b8cb9ad96c3aa574bf65870b2"
 score = 75
@@ -63295,8 +63604,8 @@ rule ELASTIC_Windows_Virus_Floxif_493D1897 : FILE MEMORY
 date = "2023-09-26"
 modified = "2023-11-02"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Virus_Floxif.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Virus_Floxif.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "e628b7973ee25fdfd8f849fdf5923c6fba48141de802b0b4ce3e9ad2e40fe470"
 logic_hash = "d3f516966bd4423c49771251075a1ea2f725aec91615f7f44dd098da2a4f3574"
 score = 75
@@ -63324,8 +63633,8 @@ rule ELASTIC_Linux_Exploit_Intfour_0Ca45Cd3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Intfour.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Intfour.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "9d32c5447aa5182b4be66b7a283616cf531a2fd3ba3dde1bc363b24d8b22682f"
 logic_hash = "088d8daa9ba4f53c8de229282ed8a7b30b1e567687e7807ac6c3df9524dabba9"
 score = 75
@@ -63353,8 +63662,8 @@ rule ELASTIC_Windows_Vulndriver_Tmcomm_333F3851 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_TmComm.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_TmComm.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "cc687fe3741bbde1dd142eac0ef59fd1d4457daee43cdde23bb162ef28d04e64"
 logic_hash = "a4464fb7edbacb6d9c8d6b385f9cc28685f0bed40876eecd5a7c87e0707e3025"
 score = 75
@@ -63384,8 +63693,8 @@ rule ELASTIC_Windows_Trojan_Xpertrat_Ce03C41D : FILE MEMORY
 date = "2021-08-06"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Xpertrat.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Xpertrat.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "d7f2fddb43eb63f9246f0a4535dfcca6da2817592455d7eceaacde666cf1aaae"
 logic_hash = "f6ff0a11f261bc75c9d0015131f177d39bb9e8e30346a75209ba8fa808ac4fcb"
 score = 75
@@ -63415,8 +63724,8 @@ rule ELASTIC_Windows_Exploit_Eternalblue_Ead33Bf8 : FILE
 date = "2021-01-12"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Exploit_Eternalblue.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Exploit_Eternalblue.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "a1340e418c80be58fb6bbb48d4e363de8c6d62ea59730817d5eda6ba17b2c7a7"
 logic_hash = "4d0ab8bd7ef5b20e656110ac3c78b08803539387cb4fe1425a284d39c42aa199"
 score = 75
@@ -63444,8 +63753,8 @@ rule ELASTIC_Linux_Cryptominer_Zexaf_B90E7683 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Zexaf.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Zexaf.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "98650ebb7e463a06e737bcea4fd2b0f9036fafb0638ba8f002e6fe141b9fecfe"
 logic_hash = "d8485d8fbf00d5c828d7c6c80fef61f228f308e3d27a762514cfb3f00053b30b"
 score = 75
@@ -63473,8 +63782,8 @@ rule ELASTIC_Macos_Cryptominer_Generic_D3F68E29 : FILE MEMORY
 date = "2021-09-30"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Cryptominer_Generic.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Cryptominer_Generic.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "d9c78c822dfd29a1d9b1909bf95cab2a9550903e8f5f178edeb7a5a80129fbdb"
 logic_hash = "cc336e536e0f8dda47f9551dfabfc50c2094fffe4a69cdcec23824dd063dede0"
 score = 75
@@ -63504,8 +63813,8 @@ rule ELASTIC_Macos_Cryptominer_Generic_365Ecbb9 : FILE MEMORY
 date = "2021-09-30"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Cryptominer_Generic.yar#L23-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Cryptominer_Generic.yar#L23-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "e2562251058123f86c52437e82ea9ff32aae5f5227183638bc8aa2bc1b4fd9cf"
 logic_hash = "66f16c8694c5cfde1b5e4eea03c530fa32a15022fa35acdbb676bb696e7deae2"
 score = 75
@@ -63533,8 +63842,8 @@ rule ELASTIC_Macos_Cryptominer_Generic_4E7D4488 : FILE MEMORY
 date = "2021-09-30"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Cryptominer_Generic.yar#L43-L61"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Cryptominer_Generic.yar#L43-L61"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "e2562251058123f86c52437e82ea9ff32aae5f5227183638bc8aa2bc1b4fd9cf"
 logic_hash = "708b21b687c8b853a9b5f8a50d31119e4f0a02a5b63f81ba1cac8c06acd19214"
 score = 75
@@ -63562,8 +63871,8 @@ rule ELASTIC_Windows_Hacktool_Clroxide_D92D9575 : FILE MEMORY
 date = "2024-02-29"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_ClrOxide.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_ClrOxide.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "f3a4900eff80563bff586ced172c3988347980f902aceef2f9f9f6d188fac8e3"
 logic_hash = "01bb071e1286bb139c5e1c37e421153ef1b28a5994feeaedf6ad27ad7dade5e9"
 score = 75
@@ -63597,8 +63906,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_E4874Cd4 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ddostf.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ddostf.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "1015b9aef1f749dfc31eb33528c4a4169035b6d73542e068b617965d3e948ef2"
 logic_hash = "1523fe8f7bbbc7e42f8c2efe5b28dd381007846a1ba7078a6f1a30aedace884b"
 score = 75
@@ -63626,8 +63935,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_32C35334 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ddostf.yar#L21-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ddostf.yar#L21-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "d62d450d48756c09f8788b27301de889c864e597924a0526a325fa602f91f376"
 score = 75
 quality = 75
@@ -63654,8 +63963,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_6Dc1Caab : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ddostf.yar#L40-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ddostf.yar#L40-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "f4587bd45e57d4106ebe502d2eaa1d97fd68613095234038d67490e74c62ba70"
 logic_hash = "fd70960ed6e06f4d152bbd211fbe491dad596010da12cd53c93b577b551b8053"
 score = 75
@@ -63683,8 +63992,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_Dc47A873 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ddostf.yar#L60-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ddostf.yar#L60-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "1015b9aef1f749dfc31eb33528c4a4169035b6d73542e068b617965d3e948ef2"
 logic_hash = "2f5bd9e012fd778388074cf29b56c7cd59391840f994835d087b7b661445d316"
 score = 75
@@ -63712,8 +64021,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_Cb0358A0 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ddostf.yar#L80-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ddostf.yar#L80-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "1015b9aef1f749dfc31eb33528c4a4169035b6d73542e068b617965d3e948ef2"
 logic_hash = "1f152b69bf0b2bfa539fdd42c432e456b9efb3766a450333a987313bb12c1826"
 score = 75
@@ -63741,8 +64050,8 @@ rule ELASTIC_Linux_Ransomware_Sodinokibi_2883D7Cd : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_Sodinokibi.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_Sodinokibi.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "a322b230a3451fd11dcfe72af4da1df07183d6aaf1ab9e062f0e6b14cf6d23cd"
 logic_hash = "97d6b1b641c4b5b596b67a809e8e70bb0bccb9219282cd6c41bc905e2ea44c84"
 score = 75
@@ -63770,8 +64079,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_3793364E : FILE MEMORY
 date = "2023-09-25"
 modified = "2023-09-25"
 reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_BloodAlchemy.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_BloodAlchemy.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "c9f03767b92bb2c44f6b386e1f0a521f1a7a063cf73799844cc3423d4a7de7be"
 score = 75
 quality = 75
@@ -63799,8 +64108,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_E510798D : FILE MEMORY
 date = "2023-09-25"
 modified = "2023-09-25"
 reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_BloodAlchemy.yar#L22-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_BloodAlchemy.yar#L22-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "7919bb5f19745a1620e6be91622c40083cbd2ddb02905215736a2ed11e9af5c4"
 score = 75
 quality = 75
@@ -63828,8 +64137,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_63084Eea : FILE MEMORY
 date = "2023-09-25"
 modified = "2023-09-25"
 reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_BloodAlchemy.yar#L43-L61"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_BloodAlchemy.yar#L43-L61"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "3fe64502992281511e942b8f4541d61b33e900dbe23ea9f976c7eb9522ce4cbd"
 score = 75
 quality = 75
@@ -63856,8 +64165,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_C2D80609 : FILE MEMORY
 date = "2023-09-25"
 modified = "2023-09-25"
 reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_BloodAlchemy.yar#L63-L81"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_BloodAlchemy.yar#L63-L81"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "694a0f917f106fbdde4c8e5dd8f9cdce56e9423ce5a7c3a5bf30bf43308d42e9"
 score = 75
 quality = 75
@@ -63884,8 +64193,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_De591C5A : FILE MEMORY
 date = "2023-09-25"
 modified = "2023-11-02"
 reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_BloodAlchemy.yar#L83-L106"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_BloodAlchemy.yar#L83-L106"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "fd5cfe2558a7c02a617003140cdcf477ec451ecea4adf2808bef8f93673c28f1"
 score = 75
 quality = 75
@@ -63917,8 +64226,8 @@ rule ELASTIC_Linux_Trojan_Banload_D5E1C189 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Banload.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Banload.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "48bf0403f777db5da9c6a7eada17ad4ddf471bd73ea6cf02817dd202b49204f4"
 logic_hash = "3f0bee251152a8c835a3bf71dc33c2e150705713c50ca2cfdbeb69361ed91a09"
 score = 75
@@ -63946,8 +64255,8 @@ rule ELASTIC_Macos_Trojan_Eggshell_Ddacf7B9 : FILE MEMORY
 date = "2021-09-30"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Eggshell.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Eggshell.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "6d93a714dd008746569c0fbd00fadccbd5f15eef06b200a4e831df0dc8f3d05b"
 logic_hash = "f986f7d1e3a68e27f82048017c6d6381a0354ffad2cd10f3eee69bbbfa940abd"
 score = 75
@@ -63979,8 +64288,8 @@ rule ELASTIC_Linux_Trojan_Asacub_D3C4Aa41 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Asacub.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Asacub.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "15044273a506f825859e287689a57c6249b01bb0a848f113c946056163b7e5f1"
 logic_hash = "3645e10e5ef8c50e5e82d749da07f5669c5162cb95aa5958ce45a414b870f619"
 score = 75
@@ -64008,8 +64317,8 @@ rule ELASTIC_Linux_Cryptominer_Bulz_2Aa8Fbb5 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Bulz.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Bulz.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "21d8bec73476783e01d2a51a99233f186d7c72b49c9292c42e19e1aa6397d415"
 score = 75
 quality = 75
@@ -64036,8 +64345,8 @@ rule ELASTIC_Linux_Cryptominer_Bulz_0998F811 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Bulz.yar#L20-L37"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Bulz.yar#L20-L37"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "178f6c42582dd99cc5418388d020d4d76f2a9204297a673359fe0a300121c35b"
 score = 75
 quality = 75
@@ -64064,8 +64373,8 @@ rule ELASTIC_Windows_Trojan_Servhelper_F4Dee200 : FILE MEMORY
 date = "2022-03-22"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_ServHelper.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_ServHelper.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "05d183430a7afe16a3857fc4e87568fcc18518e108823c37eabf0514660aa17c"
 logic_hash = "abab541ebddf36c05e351d506d4f978a30d8a44ff09233a667d62a1692dabe15"
 score = 75
@@ -64094,8 +64403,8 @@ rule ELASTIC_Windows_Trojan_Servhelper_370C5287 : FILE MEMORY
 date = "2022-03-24"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_ServHelper.yar#L22-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_ServHelper.yar#L22-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "05d183430a7afe16a3857fc4e87568fcc18518e108823c37eabf0514660aa17c"
 logic_hash = "8a2934c28efef6a5fed26dc88d074aee15b0869370c66f6a4d6eaedf070eaa9e"
 score = 75
@@ -64123,8 +64432,8 @@ rule ELASTIC_Windows_Trojan_Doorme_246Eda61 : FILE MEMORY
 date = "2022-12-09"
 modified = "2022-12-15"
 reference = "https://www.elastic.co/security-labs/update-to-the-REF2924-intrusion-set-and-related-campaigns"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_DoorMe.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_DoorMe.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "96b226e1dcfb8ea2155c2fa508125472c8c767569d009a881ab4c39453e4fe7f"
 logic_hash = "01240f2e23904498c34ec805cc8bc3e9ac7b76c6519685ef6b367066f1a0bc5b"
 score = 75
@@ -64157,8 +64466,8 @@ rule ELASTIC_Windows_Trojan_Deimos_F53Aee03 : FILE MEMORY
 date = "2021-09-18"
 modified = "2022-01-13"
 reference = "https://www.elastic.co/security-labs/going-coast-to-coast-climbing-the-pyramid-with-the-deimos-implant"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Deimos.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Deimos.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "2c1941847f660a99bbc6de16b00e563f70d900f9dbc40c6734871993961d3d3e"
 logic_hash = "07675844a8790f8485b6545e7466cdef8ac4f92dec4cd8289aeaad2a0a448691"
 score = 75
@@ -64188,8 +64497,8 @@ rule ELASTIC_Windows_Trojan_Deimos_C70677B4 : FILE MEMORY
 date = "2021-09-18"
 modified = "2022-01-13"
 reference = "https://www.elastic.co/security-labs/going-coast-to-coast-climbing-the-pyramid-with-the-deimos-implant"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Deimos.yar#L24-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Deimos.yar#L24-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "2c1941847f660a99bbc6de16b00e563f70d900f9dbc40c6734871993961d3d3e"
 logic_hash = "c969221f025b114b9d5738d43b6021ab9481dbc6b35eb129ea4f806160b1adc3"
 score = 75
@@ -64218,8 +64527,8 @@ rule ELASTIC_Linux_Exploit_CVE_2017_100011_21025F50 : FILE MEMORY CVE_2017_10001
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2017_100011.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2017_100011.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "32db88b2c964ce48e6d1397ca655075ea54ce298340af55ea890a2411a67d554"
 logic_hash = "3ec54a7639ccfc019e01fa287f69a93af57087e2d67d0c8574a646afb9043db5"
 score = 75
@@ -64247,8 +64556,8 @@ rule ELASTIC_Multi_Ransomware_Luna_8614D3D7 : FILE MEMORY
 date = "2022-08-02"
 modified = "2022-08-16"
 reference = "https://www.elastic.co/security-labs/luna-ransomware-attack-pattern"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Multi_Ransomware_Luna.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Multi_Ransomware_Luna.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "1cbbf108f44c8f4babde546d26425ca5340dccf878d306b90eb0fbec2f83ab51"
 logic_hash = "14e40c5b1a21ba31664ed31b04bfc4a8646b3e31f96d39e0928a3d6a50d79307"
 score = 75
@@ -64283,8 +64592,8 @@ rule ELASTIC_Windows_Rootkit_R77_5Bab748B : FILE MEMORY
 date = "2022-03-04"
 modified = "2022-04-12"
 reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Rootkit_R77.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Rootkit_R77.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c"
 logic_hash = "ebf851ef41fde8e3118acc742cd2b38651f662a00f11dd6f7c65cf56019c43d5"
 score = 75
@@ -64312,8 +64621,8 @@ rule ELASTIC_Windows_Rootkit_R77_Eb366Abc : FILE MEMORY
 date = "2023-05-09"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Rootkit_R77.yar#L22-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Rootkit_R77.yar#L22-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "21e7f69986987fc75bce67c4deda42bd7605365bac83cf2cecb25061b2d86d4f"
 logic_hash = "3d6f1c60bf749c53f4a4fcfd6490d309e4450d5f7e64de4665c3d80af1bce44f"
 score = 75
@@ -64342,8 +64651,8 @@ rule ELASTIC_Windows_Rootkit_R77_99050E7D : FILE MEMORY
 date = "2023-05-09"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Rootkit_R77.yar#L44-L64"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Rootkit_R77.yar#L44-L64"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "3dc94c88caa3169e096715eb6c2e6de1b011120117c0a51d12f572b4ba999ea6"
 logic_hash = "0fedf4698cc652076090b1fe256d05d2c0bc3ad2ab7ed5faa270c5c7fe0efca1"
 score = 75
@@ -64372,8 +64681,8 @@ rule ELASTIC_Windows_Rootkit_R77_Be403E3C : FILE MEMORY
 date = "2023-05-18"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Rootkit_R77.yar#L66-L85"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Rootkit_R77.yar#L66-L85"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "91c6e2621121a6871af091c52fafe41220ae12d6e47e52fd13a7b9edd8e31796"
 logic_hash = "efbf924c7a299f2543c639b6262007eb3bdbf6ff5e33dab7d6102814b9477811"
 score = 75
@@ -64401,8 +64710,8 @@ rule ELASTIC_Windows_Rootkit_R77_Ee853C9F : FILE MEMORY
 date = "2023-05-18"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Rootkit_R77.yar#L87-L112"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Rootkit_R77.yar#L87-L112"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "916c805b0d512dd7bbd88f46632d66d9613de61691b4bd368e4b7cb1f0ac7f60"
 logic_hash = "94f080f310ecace76da32ba2b4edcc80dedfb339113823708167c1d842db8cf3"
 score = 75
@@ -64436,8 +64745,8 @@ rule ELASTIC_Windows_Rootkit_R77_D0367E28 : FILE MEMORY
 date = "2023-05-18"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Rootkit_R77.yar#L114-L141"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Rootkit_R77.yar#L114-L141"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "96849108e13172d14591169f8fdcbf8a8aa6be05b7b6ef396d65529eacc02d89"
 logic_hash = "588b18c54c344ca267b86143df20c7dcaab081e0ef6acae0bd0dae61593eb521"
 score = 75
@@ -64473,8 +64782,8 @@ rule ELASTIC_Windows_Ransomware_Stop_1E8D48Ff : FILE MEMORY
 date = "2021-06-10"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Stop.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Stop.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3"
 logic_hash = "d743feae072a5f3e1b008354352bef48218bb041bc8a5ba39526815ab9cd2690"
 score = 75
@@ -64503,8 +64812,8 @@ rule ELASTIC_Macos_Backdoor_Kagent_64Ca1865 : FILE MEMORY
 date = "2021-11-11"
 modified = "2022-07-22"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Backdoor_Kagent.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Backdoor_Kagent.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "d599d7814adbab0f1442f5a10074e00f3a776ce183ea924abcd6154f0d068bb4"
 logic_hash = "dea0a1bbe8c3065b395de50b5ffc2fbdf479ed35ce284fa33298d6ed55e960c6"
 score = 75
@@ -64538,8 +64847,8 @@ rule ELASTIC_Windows_Trojan_Naplistener_E8F16920 : FILE MEMORY
 date = "2023-02-28"
 modified = "2023-03-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_NapListener.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_NapListener.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "6e8c5bb2dfc90bca380c6f42af7458c8b8af40b7be95fab91e7c67b0dee664c4"
 logic_hash = "6cb7b5051fab2b56f39b2805788b5b0838a095b41fcc623fe412b215736be5d4"
 score = 75
@@ -64569,8 +64878,8 @@ rule ELASTIC_Windows_Trojan_Naplistener_414180A7 : FILE MEMORY
 date = "2023-02-28"
 modified = "2023-03-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_NapListener.yar#L23-L46"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_NapListener.yar#L23-L46"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "6e8c5bb2dfc90bca380c6f42af7458c8b8af40b7be95fab91e7c67b0dee664c4"
 logic_hash = "52d3ddebdc1a8aa4bcb902273bd2d3b4f9b51f248d25e7ae1cc260a9550111f5"
 score = 75
@@ -64603,8 +64912,8 @@ rule ELASTIC_Linux_Packer_Patched_UPX_62E11C64 : FILE
 date = "2021-06-08"
 modified = "2021-07-28"
 reference = "https://cujo.com/upx-anti-unpacking-techniques-in-iot-malware/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Packer_Patched_UPX.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Packer_Patched_UPX.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "02f81a1e1edcb9032a1d7256a002b11e1e864b2e9989f5d24ea1c9b507895669"
 logic_hash = "cb576fdd59c255234a96397460b81cbb2deeb38befaed101749b7bb515624028"
 score = 75
@@ -64632,8 +64941,8 @@ rule ELASTIC_Macos_Trojan_Adload_4995469F : FILE MEMORY
 date = "2021-10-04"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Adload.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Adload.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "6464ca7b36197cccf0dac00f21c43f0cb09f900006b1934e2b3667b367114de5"
 logic_hash = "cceb804a11b93b0e3f491016c47a823d9e6a31294c3ed05d4404601323b30993"
 score = 75
@@ -64661,8 +64970,8 @@ rule ELASTIC_Macos_Trojan_Adload_9B9F86C7 : FILE MEMORY
 date = "2021-10-04"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Adload.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Adload.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "952e6004ce164ba607ac7fddc1df3d0d6cac07d271d90be02d790c52e49cb73c"
 logic_hash = "82297db23e036f22c90eee7b2654e84df847eb1c2b1ea4dcf358c48a14819709"
 score = 75
@@ -64690,8 +64999,8 @@ rule ELASTIC_Macos_Trojan_Adload_F6B18A0A : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Adload.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Adload.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "06f38bb811e6a6c38b5e2db708d4063f4aea27fcd193d57c60594f25a86488c8"
 logic_hash = "20d43fbf0b8155940e2e181f376a7b1979ce248d88dc08409aaa1a916777231c"
 score = 75
@@ -64719,8 +65028,8 @@ rule ELASTIC_Linux_Trojan_Shark_B918Ab75 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Shark.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Shark.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "8b6fe9f496996784e42b75fb42702aa47aefe32eac6f63dd16a0eb55358b6054"
 logic_hash = "16302c29f2ae4109b8679933eb7fd9ef9306b0c215f20e8fff992b0b848974a9"
 score = 75
@@ -64748,8 +65057,8 @@ rule ELASTIC_Macos_Backdoor_Useragent_1A02Fc3A : FILE MEMORY
 date = "2021-11-11"
 modified = "2022-07-22"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Backdoor_Useragent.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Backdoor_Useragent.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "623f99cbe20af8b79cbfea7f485d47d3462d927153d24cac4745d7043c15619a"
 logic_hash = "90debdfc24ef100952302808a2e418bca2a46be3e505add9a0ccf4c49aff5102"
 score = 75
@@ -64781,8 +65090,8 @@ rule ELASTIC_Linux_Cryptominer_Roboto_0B6807F8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Roboto.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Roboto.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c2542e399f865b5c490ee66b882f5ff246786b3f004abb7489ec433c11007dda"
 logic_hash = "d945c7a23b9f435851f3c998231da615e220c259051cf213186c28f3279be1dd"
 score = 75
@@ -64810,8 +65119,8 @@ rule ELASTIC_Linux_Cryptominer_Roboto_1F1Cfe9A : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Roboto.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Roboto.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "497a6d426ff93d5cd18cea623074fb209d4f407a02ef8f382f089f1ed3f108c5"
 logic_hash = "2171284991b0019379c8d271013a35237c37bc2e13d807caed86f8fb9d2ba418"
 score = 75
@@ -64839,8 +65148,8 @@ rule ELASTIC_Windows_Ransomware_Phobos_A5420148 : BETA FILE MEMORY
 date = "2020-06-25"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Phobos.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Phobos.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "9fcfe41102bee4f8ecf19f30d0bbb2de50e1a1aff4e17c587b5d9adb417527c5"
 score = 75
 quality = 75
@@ -64870,8 +65179,8 @@ rule ELASTIC_Windows_Ransomware_Phobos_Ff55774D : BETA FILE MEMORY
 date = "2020-06-25"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Phobos.yar#L24-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Phobos.yar#L24-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "9ee41b9638a8cc1d9f9b254878c935c531b2f599be59550b3617b1de8cba2ba5"
 score = 75
 quality = 75
@@ -64899,8 +65208,8 @@ rule ELASTIC_Windows_Ransomware_Phobos_11Ea7Be5 : BETA FILE MEMORY
 date = "2020-06-25"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Phobos.yar#L45-L64"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Phobos.yar#L45-L64"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "1f86695f316200c92d0d02f5f3ba9f68854978f98db5d4291a81c06c9f0b8d28"
 score = 75
 quality = 75
@@ -64928,8 +65237,8 @@ rule ELASTIC_Macos_Exploit_Log4J_75A13888 : FILE MEMORY
 date = "2021-12-13"
 modified = "2022-07-22"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Exploit_Log4j.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Exploit_Log4j.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "b09d8dd9c422e7eb8aa23f8b1204d31fd290252925099300d6d19d73e562ca5e"
 score = 75
 quality = 75
@@ -64962,8 +65271,8 @@ rule ELASTIC_Linux_Trojan_Malxmr_7054A0D0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Malxmr.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Malxmr.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3a6b3552ffac13aa70e24fef72b69f683ac221105415efb294fb9a2fc81c260a" logic_hash = "f7153fb11e0e4bf422021cc0fab99536c2a193198bf70d7f2af2fa5c1971c028" score = 75 @@ -64991,8 +65300,8 @@ rule ELASTIC_Linux_Trojan_Malxmr_144994A5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Malxmr.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Malxmr.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "07db41a4ddaac802b04df5e5bbae0881fead30cb8f6fa53a8a2e1edf14f2d36b" logic_hash = "4d40337895e63d3dc6f0d94889863f0f5017533658210b902b08d84cf3588cab" score = 75 
@@ -65020,8 +65329,8 @@ rule ELASTIC_Windows_Attacksimulation_Hovercraft_F5C7178F : FILE MEMORY date = "2022-05-23" modified = "2022-07-18" reference = "046645b2a646c83b4434a893a0876ea9bd51ae05e70d4e72f2ccc648b0f18cb6" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_AttackSimulation_Hovercraft.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_AttackSimulation_Hovercraft.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "e707e89904a5fa4d30f94bfc625b736a411df6bb055c0e40df18ae65025a3740" score = 75 quality = 75 @@ -65049,8 +65358,8 @@ rule ELASTIC_Windows_Vulndriver_Agent64_8Ef48Aeb : FILE date = "2022-07-19" modified = "2022-07-19" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Agent64.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Agent64.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "05f052c64d192cf69a462a5ec16dda0d43ca5d0245900c9fcb9201685a2e7748" hash = "4045ae77859b1dbf13972451972eaaf6f3c97bea423e9e78f1c2f14330cd47ca" logic_hash = "a35f82202507e582e3cbc7018656545fcee1244ec1638a696f0b7c970fd5023c" 
@@ -65084,8 +65393,8 @@ rule ELASTIC_Windows_Vulndriver_Vmdrv_7C674F8E : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Vmdrv.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Vmdrv.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "32cccc4f249499061c0afa18f534c825d01034a1f6815f5506bf4c4ff55d1351" logic_hash = "87f29b861d5239c60e44541fe31ed90696068225b1b6d824dc9b06fcdb1597ae" score = 75 @@ -65115,8 +65424,8 @@ rule ELASTIC_Windows_Trojan_Eagerbee_7029Ba21 : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_EagerBee.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_EagerBee.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "09005775fc587ac7bf150c05352e59dc01008b7bf8c1d870d1cea87561aa0b06" logic_hash = "874959361b14ba74e13e6e674da75c9bdb6b9475d8b286572825c940b41f679f" score = 75 
@@ -65145,8 +65454,8 @@ rule ELASTIC_Windows_Trojan_Eagerbee_A64B323B : FILE MEMORY date = "2023-09-04" modified = "2023-09-20" reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_EagerBee.yar#L23-L45" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_EagerBee.yar#L23-L45" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "339e4fdbccb65b0b06a1421c719300a8da844789a2016d58e8ce4227cb5dc91b" logic_hash = "e1c25cf8ce0ff434727c9104c6b79110ff5cfa84eb3e939119fd05cf676727c6" score = 75 
@@ -65168,6 +65477,42 @@ rule ELASTIC_Windows_Trojan_Eagerbee_A64B323B : FILE MEMORY condition: 2 of them } +rule ELASTIC_Windows_Hacktool_Sharpgpoabuse_14Ea480E : FILE MEMORY +{ + meta: + description = "Detects Windows Hacktool Sharpgpoabuse (Windows.Hacktool.SharpGPOAbuse)" + author = "Elastic Security" + id = "14ea480e-fbd5-4dd3-885c-9a13bfb4400b" + date = "2024-03-25" + modified = "2024-05-08" + reference = "https://github.com/elastic/protections-artifacts/" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_SharpGPOAbuse.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" + hash = "d13f87b9eaf09ef95778b2f1469aa34d03186d127c8f73c73299957d386c78d1" + logic_hash = "efc1259f4ed05c8f41df75c056d36fd5a808a92b5c88cfb0522caedea39476b4" + score = 75 + quality = 75 + tags = "FILE, MEMORY" + fingerprint = "1f86d5dfc193076127dcc4355cbf0c4bdffc0785ca2daf8e1364d76ee273b343" + severity = 100 + arch_context = "x86" + scan_context = "file, memory" + license = "Elastic License v2" + os = "windows" + + strings: + $name = "SharpGPOAbuse" wide fullword + $s1 = "AddUserTask" wide fullword + $s2 = "AddComputerTask" wide fullword + $s3 = "AddComputerScript" wide fullword + $s4 = "AddUserScript" wide fullword + $s5 = "GPOName" wide fullword + $s6 = "ScheduledTasks" wide fullword + $s7 = "NewImmediateTask" wide fullword + + condition: + ($name and 1 of ($s*)) or all of ($s*) +} rule ELASTIC_Windows_Trojan_Guloader_8F10Fa66 : FILE MEMORY { meta: 
@@ -65177,8 +65522,8 @@ rule ELASTIC_Windows_Trojan_Guloader_8F10Fa66 : FILE MEMORY date = "2021-08-17" modified = "2021-10-04" reference = "https://www.elastic.co/security-labs/getting-gooey-with-guloader-downloader" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Guloader.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Guloader.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a3e2d5013b80cd2346e37460753eca4a4fec3a7941586cc26e049a463277562e" logic_hash = "f2cd08f6a32c075dc0294a0e26c51e686babc54ced4faa1873368c8821f0bfef" score = 75 @@ -65210,8 +65555,8 @@ rule ELASTIC_Windows_Trojan_Guloader_C4D9Dd33 : FILE MEMORY date = "2021-08-17" modified = "2021-10-04" reference = "https://www.elastic.co/security-labs/getting-gooey-with-guloader-downloader" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Guloader.yar#L26-L45" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Guloader.yar#L26-L45" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a3e2d5013b80cd2346e37460753eca4a4fec3a7941586cc26e049a463277562e" logic_hash = "623ea751fc32648720bda40598024d4d5b6a9a11b3cce3c9427310ba17745643" score = 75 
@@ -65239,8 +65584,8 @@ rule ELASTIC_Windows_Trojan_Guloader_2F1E44C8 : FILE MEMORY date = "2023-10-30" modified = "2023-11-02" reference = "https://www.elastic.co/security-labs/getting-gooey-with-guloader-downloader" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Guloader.yar#L47-L70" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Guloader.yar#L47-L70" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "6ae7089aa6beaa09b1c3aa3ecf28a884d8ca84f780aab39902223721493b1f99" logic_hash = "434b33c3fdc6bf4b0f59cd4aba66327d0b7ab524be603b256494d46b609cecd5" score = 75 @@ -65272,8 +65617,8 @@ rule ELASTIC_Linux_Trojan_Kaiji_253C44De : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Kaiji.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Kaiji.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e31eb8880bb084b4c642eba127e64ce99435ea8299a98c183a63a2e6a139d926" logic_hash = "81a07f60765f50c58b2c0f0153367ee570f36c579e9f88fb2f0e49ae5c08773f" score = 75 
@@ -65301,8 +65646,8 @@ rule ELASTIC_Linux_Trojan_Kaiji_535F07Ac : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Kaiji.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Kaiji.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "28b2993d7c8c1d8dfce9cd2206b4a3971d0705fd797b9fde05211686297f6bb0" logic_hash = "539977c1076b71873135cfe02153da87c0e9ac17122f04570977a22c92d2694f" score = 75 @@ -65330,8 +65675,8 @@ rule ELASTIC_Linux_Trojan_Kaiji_Dcf6565E : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Kaiji.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Kaiji.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "49f3086105bdc160248e66334db00ce37cdc9167a98faac98800b2c97515b6e7" logic_hash = "2bc943e100548e9aacd97930b3230353be760c8a292dbbbd1d0b5646f647c4fe" score = 75 
@@ -65359,8 +65704,8 @@ rule ELASTIC_Linux_Trojan_Kaiji_91091Be3 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Kaiji.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Kaiji.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "dca574d13fcbd7d244d434fcbca68136e0097fefc5f131bec36e329448f9a202" logic_hash = "3b55cb3be5775311af4dc90f9624448d30cc58ef1a42729f6ca4eb3b36ad8b06" score = 75 @@ -65388,8 +65733,8 @@ rule ELASTIC_Windows_Trojan_Solarmarker_D466E548 : FILE MEMORY date = "2023-12-12" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_SolarMarker.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_SolarMarker.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "330f5067c93041821be4e7097cf32fb569e2e1d00e952156c9aafcddb847b873" hash = "e2a620e76352fa7ac58407a711821da52093d97d12293ae93d813163c58eb84b" logic_hash = "c0792bc3c1a2f01ff4b8d0a12c95a74491c2805c876f95a26bbeaabecdff70e9" 
@@ -65418,8 +65763,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_25D3C5Ba : BETA FILE MEMORY date = "2020-04-30" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Ryuk.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Ryuk.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "4d461ff9b87e3a17637cef89ff8a85ef22f69695d4664f6fe8f271a6a5f7b4bc" score = 75 quality = 75 @@ -65447,8 +65792,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_878Bae7E : BETA FILE MEMORY date = "2020-04-30" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Ryuk.yar#L22-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Ryuk.yar#L22-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "94bed2220aeb41ae8069cee56cc5299b9fc56797d3b54085b8246a03d9e8bd93" score = 75 quality = 75 
@@ -65477,8 +65822,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_6C726744 : BETA FILE MEMORY date = "2020-04-30" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Ryuk.yar#L44-L67" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Ryuk.yar#L44-L67" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "ee7586d5cbef23d1863a4dfcc5da9b97397c993268881922c681022bf4f293f0" score = 75 quality = 75 @@ -65510,8 +65855,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_1A4Ad952 : BETA FILE MEMORY date = "2020-04-30" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Ryuk.yar#L69-L88" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Ryuk.yar#L69-L88" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "bb854f5760f41e2c103c99d8f128a2546926a614dff8753eaa1287ac583e213a" score = 75 quality = 75 
@@ -65539,8 +65884,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_72B5Fd9D : BETA FILE MEMORY date = "2020-04-30" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Ryuk.yar#L90-L109" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Ryuk.yar#L90-L109" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "b2abc8f70df5d730ce6a7d0bc125bb623f27b292e7d575914368a8bfc0fb5837" score = 75 quality = 75 @@ -65568,8 +65913,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_8Ba51798 : BETA FILE MEMORY date = "2020-04-30" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Ryuk.yar#L111-L137" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Ryuk.yar#L111-L137" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "0733ae6a7e38bc2a25aa76a816284482d3ee25626559ec5af554b5f5070e534a" score = 75 quality = 75 
@@ -65604,8 +65949,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_88Daaf8E : BETA FILE MEMORY date = "2020-04-30" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Ryuk.yar#L139-L158" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Ryuk.yar#L139-L158" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "6fc463976c0fb9c3e4f25d854545d07800c63730826f3974298f0077d272cff0" score = 75 quality = 75 @@ -65633,8 +65978,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_D9E6B88E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a4ac275275e7be694a200fe6c5c5746256398c109cf54f45220637fe5d9e26ba" logic_hash = "979d2ae62efca0f719ed1db2ff832dc9a0aa0347dcd50ccede29ec35cba6d296" score = 75 
@@ -65662,8 +66007,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_30C039E2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b494ca3b7bae2ab9a5197b81e928baae5b8eac77dfdc7fe1223fee8f27024772" logic_hash = "a9dbfede68a3209b403aa40dbc5b69326c3e1c14259ed6bc6351f0f9412cfce2" score = 75 @@ -65691,8 +66036,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_C94Eec37 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "294fcdd57fc0a53e2d63b620e85fa65c00942db2163921719d052d341aa2dc30" logic_hash = "39a49e1661ac2ca6a43a56b0bd136976f6d506c0779d862a43ba2c25d6947fee" score = 75 
@@ -65720,8 +66065,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_F806D5D9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5259495788f730a2a3bad7478c1873c8a6296506a778f18bc68e39ce48b979da" logic_hash = "86336f662e3abcf2fe7635155782c549fc9eef514356bf78bfbc3b65192e2d90" score = 75 @@ -65749,8 +66094,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_0Fa3A6E9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "40a15a186373a062bfb476b37a73c61e1ba84e5fa57282a7f9ec0481860f372a" logic_hash = "970062e909ffe5356b750605f2c44a6e893949bc5bc71be3ea98b16e51629d4d" score = 75 
@@ -65778,8 +66123,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_36A98405 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a57de6cd3468f55b4bfded5f1eed610fdb2cbffbb584660ae000c20663d5b304" logic_hash = "a32d324d1865a7796faefbc2f209e6043008a696929fe7837afbbc770e6f4c74" score = 75 @@ -65807,8 +66152,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_0C6686B8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "409c55110d392aed1a9ec98a6598fb8da86ab415534c8754aa48e3949e7c4b62" logic_hash = "731bb3f9957e8777040c0b7b316a818f4ee1ca9a113fb9eed24ee61bfc71e11d" score = 75 
@@ -65836,8 +66181,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_9Ce5B69F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ad63fbd15b7de4da0db1b38609b7481253c100e3028c19831a5d5c1926351829" logic_hash = "b9756eb99e59ba3a9a616b391bcf26bda26a6ac0de115460f9ba52129f590764" score = 75 @@ -65865,8 +66210,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_55A80Ab6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5259495788f730a2a3bad7478c1873c8a6296506a778f18bc68e39ce48b979da" logic_hash = "1fc29f98e9ea2a5b67d0a88f37813a5e62b5f1d2a26aee74f90e9ead445dc713" score = 75 
@@ -65894,8 +66239,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_E98B83Ee : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L181-L199" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L181-L199" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417" logic_hash = "8b16c0fee991ee2143a20998097066a90b1f20060bac7b42e5c3188adcdc7907" score = 75 @@ -65923,8 +66268,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_8A11F9Be : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L201-L219" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L201-L219" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571" logic_hash = "f80dcb3579a76da787e9bb2bfb02ef86e464aec1bea405f02642b8c8902c7663" score = 75 
@@ -65952,8 +66297,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_2462067E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L221-L239" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L221-L239" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3847f1c7c15ce771613079419de3d5e8adc07208e1fefa23f7dd416b532853a1" logic_hash = "cf6c0703f9108f8193e0a9c18ba3d76263527a13fe44e194fa464d399512ae05" score = 75 @@ -65981,8 +66326,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_0A028640 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L241-L259" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L241-L259" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e36081f0dbd6d523c9378cdd312e117642b0359b545b29a61d8f9027d8c0f2f0" logic_hash = "663f110c7214498466759b66a83ff1844f5bf45ce706fa8ad0e8b205cc9c8f72" score = 75 
@@ -66010,8 +66355,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_6B3974B2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L281-L299" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L281-L299" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2216776ba5c6495d86a13f6a3ce61b655b72a328ca05b3678d1abb7a20829d04" logic_hash = "7c44a0abcd51a6b775fc379b592652ebb10faf16c039ca23b20984183340cada" score = 75 @@ -66039,8 +66384,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_87Bcb848 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L301-L319" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L301-L319" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "575b0dc887d132aa3983e5712b8f642b03762b0685fbd5a32c104bca72871857" logic_hash = "60e8aa7e27ea0bec665075a373ce150c21af4cddfd511b7ec771293126f0006c" score = 75 
@@ -66068,8 +66413,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_Ad60D7E8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L321-L338" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L321-L338" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "1253a8cd1a5230f1ec1f8c7ecd07f89f28acf5c2aa92395c6cb9e635c16a1e25" score = 75 quality = 73 @@ -66096,8 +66441,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_22646C0D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L340-L358" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L340-L358" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "20439a8fc21a94c194888725fbbb7a7fbeef5faf4b0f704559d89f1cd2e57d9d" logic_hash = "548f531429132392f6d9bccff706b56ba87d8e44763116dedca5d0baa5097b92" score = 75 
@@ -66125,8 +66470,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_0E52C842 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L360-L378" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L360-L378" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417" logic_hash = "35046c6686ee7239844e2fbd092b4ab91a1c22606062fb0031bdb28bfa2c9827" score = 75 @@ -66154,8 +66499,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_019F0E75 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L380-L398" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L380-L398" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "575b0dc887d132aa3983e5712b8f642b03762b0685fbd5a32c104bca72871857" logic_hash = "7a63eb94266b04a31ba67165c512e2e060c3e344665aeed748a51943143b2219" score = 75 
@@ -66183,8 +66528,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_7C545Abf : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L400-L418" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L400-L418" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "95691c7ad1d80f7f1b5541e1d1a1dbeba30a26702a4080d256f14edb75851c5d" logic_hash = "fa50ccc4c85417d18a84b7f117f853609c44b17c488a937cdc7495e2d32757f7" score = 75 @@ -66212,8 +66557,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_32C0B950 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L420-L438" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L420-L438" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "214c1caf20ceae579476d3bf97f489484df4c5f1c0c44d37ff9b9066072cd83c" logic_hash = "db077e5916327ca78fcc9dc35f64e5c497dbbe60c4a0c1eb7abb49c555765681" score = 75 
@@ -66241,8 +66586,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_Cbf50D9C : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L440-L458" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L440-L458" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b64d0cf4fc4149aa4f63900e61b6739e154d328ea1eb31f4c231016679fc4aa5" logic_hash = "331a35fb3ecc54022b1d4d05bd64e7c5c6a7997b06dbea3a36c33ccc0a2f7086" score = 75 @@ -66270,8 +66615,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_40C25A06 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L460-L478" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L460-L478" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "61af6bb7be25465e7d469953763be5671f33c197d4b005e4a78227da11ae91e9" logic_hash = "38976911ff9e56fae27fad8b9df01063ed703f43c8220b1fbcef7a3945b3f1ad" score = 75 
@@ -66299,8 +66644,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_35806Adc : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L480-L498" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L480-L498" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "15e7942ebf88a51346d3a5975bb1c2d87996799e6255db9e92aed798d279b36b" logic_hash = "6e9d3e5c0a33208d1b5f4f84f8634955e70bd63395b367cd1ece67798ce5e502" score = 75 @@ -66328,8 +66673,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_D74D7F0C : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L500-L518" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L500-L518" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b0a8b2259c00d563aa387d7e1a1f1527405da19bf4741053f5822071699795e2" logic_hash = "6f5313fc9e838bd06bd4e797ea7fb448073849dc714ecf18809f94900fa11ca2" score = 75 
@@ -66357,8 +66702,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_71D31510 : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L520-L538" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L520-L538" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "33dd6c0af99455a0ca3908c0117e16a513b39fabbf9c52ba24c7b09226ad8626" logic_hash = "18bfe9347faf1811686a61e0ee0de5cef842beb25fb06793947309135c41de89" score = 75 @@ -66386,8 +66731,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_97288Af8 : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Tsunami.yar#L540-L558" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Tsunami.yar#L540-L558" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c39eb055c5f71ebfd6881ff04e876f49495c0be5560687586fc47bf5faee0c84" logic_hash = "c5b521cc887236a189dca419476758cee0f1513a8ad81c94b1ff42e4fe232b8e" score = 75 
@@ -66415,8 +66760,8 @@ rule ELASTIC_Linux_Trojan_Chinaz_A2140Ca1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Chinaz.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Chinaz.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "7c44c2ca77ef7a62446f6266a757817a6c9af5e010a219a43a1905e2bc5725b0" logic_hash = "c9c63114e45b45b1c243af1f719cddc838a06a1f35d65dca6a2fb5574047eff0" score = 60 @@ -66444,8 +66789,8 @@ rule ELASTIC_Linux_Exploit_CVE_2009_1897_6Cf0A073 : FILE MEMORY CVE_2009_1897 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2009_1897.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2009_1897.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "85f371bf73ee6d8fcb6fa9a8a68b38c5e023151257fd549855c4c290cc340724" logic_hash = "dcde454fda09cb6bc7b213b76d70eafd65d2601cfda70ff25c6940b55ce3adb6" score = 75 
@@ -66473,8 +66818,8 @@ rule ELASTIC_Windows_Trojan_Raspberryrobin_4B4D6899 : FILE MEMORY date = "2023-12-13" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_RaspberryRobin.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_RaspberryRobin.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2f0451f38adb74cb96c857de455887b00c5038b68210294c7f52b0b5ff64cc1e" logic_hash = "bbafad9509b367e811e86cb8f2f64d9c1d59f82b5cd58a7af43325bb7fa9d9c3" score = 75 @@ -66502,8 +66847,8 @@ rule ELASTIC_Windows_Trojan_Octopus_15813E26 : FILE MEMORY date = "2021-11-10" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Octopus.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Octopus.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "0d30b96ead4ccba75e08f6ba1db73cee61a29b5b0c7ee0fb523cbcd61dce9d87" score = 75 quality = 75 
@@ -66531,8 +66876,8 @@ rule ELASTIC_Linux_Trojan_Lady_75F6392C : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Lady.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Lady.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c257ac7bd3a9639e0d67a7db603d5bc8d8505f6f2107a26c2615c5838cf11826" logic_hash = "5160b6ab4800c72b48b501787f3164c2ba1061a2abe21c63180e02d6791a4c12" score = 75 @@ -66560,8 +66905,8 @@ rule ELASTIC_Windows_Trojan_Fabookie_024F8759 : FILE MEMORY date = "2023-06-22" modified = "2023-07-10" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Fabookie.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Fabookie.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "6c6345c6f0a5beadc4616170c87ec8a577de185d53345581e1b00e72af24c13e" logic_hash = "9477406b718c6489161cf4636be66c4f72df923b9c5a7ee4069ef6a9552de485" score = 75 
@@ -66590,8 +66935,8 @@ rule ELASTIC_Multi_Hacktool_Rakshasa_D5D3Ef21 : FILE MEMORY date = "2024-01-24" modified = "2024-01-29" reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Multi_Hacktool_Rakshasa.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Multi_Hacktool_Rakshasa.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ccfa30a40445d5237aaee1e015ecfcd9bdbe7665a6dc2736b28e5ebf07ec4597" logic_hash = "123cbea0ce02012a9b22a4a241d11aa9acbb58b50a1bd9228da7cadbf0fa1b4e" score = 75 @@ -66623,8 +66968,8 @@ rule ELASTIC_Linux_Exploit_CVE_2010_3301_79D52Efd : FILE MEMORY CVE_2010_3301 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "53a2163ad17a414d9db95f5287d9981c9410e7eaeea096610ba622eb763a6970" logic_hash = "1d4eb14042f552aa1577d0fe452e92c25bda66d0ad1a66e824677bee65908578" score = 75 
@@ -66652,8 +66997,8 @@ rule ELASTIC_Linux_Exploit_CVE_2010_3301_D0Eb0924 : FILE MEMORY CVE_2010_3301 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "907995e90a80d3ace862f2ffdf13fd361762b5acc5397e14135d85ca6a61619b" logic_hash = "5229be3d1997ee4d05846d6804ffafd36c088dd8607a1fba39a0a43950e448c1" score = 75 @@ -66681,8 +67026,8 @@ rule ELASTIC_Linux_Exploit_CVE_2010_3301_A5828970 : FILE MEMORY CVE_2010_3301 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4fc781f765a65b714ec27080f25c03f20e06830216506e06325240068ba62d83" logic_hash = "61b0cb38a6e14efee157547e811450d2ed4674f79ac86656a8d984084f71a665" score = 75 
@@ -66710,8 +67055,8 @@ rule ELASTIC_Windows_Hacktool_Sharplaps_381C3F40 : FILE MEMORY date = "2022-12-22" modified = "2022-12-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_SharpLAPS.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_SharpLAPS.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ef0d508b3051fe6f99ba55202a17237f29fdbc0085e3f5c99b1aef52c8ebe425" logic_hash = "d94f9e4200a63283346919c121873130ad90e4ad5979c017cb71dc0cc910a64a" score = 75 @@ -66746,8 +67091,8 @@ rule ELASTIC_Linux_Exploit_CVE_2019_13272_583Dd2C0 : FILE MEMORY CVE_2019_13272 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2019_13272.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2019_13272.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3191b9473f3e59f55e062e6bdcfe61b88974602c36477bfa6855ccd92ff7ca83" logic_hash = "0b25f0d979d2fc3f7d646a9b3eccf2a293b41181b499c790d3e99515fcd09603" score = 75 
@@ -66775,8 +67120,8 @@ rule ELASTIC_Windows_Ransomware_Helloxd_0C50F01B : FILE MEMORY date = "2022-06-14" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Helloxd.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Helloxd.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "435781ab608ff908123d9f4758132fa45d459956755d27027a52b8c9e61f9589" logic_hash = "71e09fa1a00fa6f3688129ee2b2a8957b84f64ef51fcba5123a6a9df80a9c7e1" score = 75 @@ -66811,8 +67156,8 @@ rule ELASTIC_Linux_Hacktool_Tcpscan_334D0Ca5 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Tcpscan.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Tcpscan.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "62de04185c2e3c22af349479a68ad53c31b3874794e7c4f0f33e8d125c37f6b0" logic_hash = "94ee723c660294e35caec5a2b66eeea64896265cfebc839ed3f55cf8f8c67d7e" score = 75 
@@ -66840,8 +67185,8 @@ rule ELASTIC_Linux_Exploit_Criscras_Fc505C1D : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Criscras.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Criscras.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "7399f6b8fbd6d6c6fb56ab350c84910fe19cc5da67e4de37065ff3d4648078ab" logic_hash = "4d84570c13c584fb7360e798df9f3e6039ee74fdb6ad597add0ea150e3deaa80" score = 75 @@ -66869,8 +67214,8 @@ rule ELASTIC_Linux_Exploit_CVE_2018_10561_0F246E33 : FILE MEMORY CVE_2018_10561 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2018_10561.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2018_10561.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "eac08c105495e6fadd8651d2e9e650b6feba601ec78f537b17fb0e73f2973a1c" logic_hash = "2c3785ddfded7128e983f3ec17a9f77c856d903f07e325b08f9f463950576ebe" score = 75 
@@ -66898,8 +67243,8 @@ rule ELASTIC_Linux_Rootkit_Adore_Fe3Fd09F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Rootkit_Adore.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Rootkit_Adore.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f4e532b840e279daf3d206e9214a1b065f97deb7c1487a34ac5cbd7cbbf33e1a" logic_hash = "cc07efb9484562cd870649a38126f08aa4e99ed5ad4662ece0488d9ffd97520e" score = 75 @@ -66927,8 +67272,8 @@ rule ELASTIC_Linux_Trojan_Snessik_D166F98C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Snessik.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Snessik.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f3ececc2edfff2f92d80ed3a5140af55b6bebf7cae8642a0d46843162eeddddd" logic_hash = "44f15a87d48338aafa408d4bcabef844c8864cd95640ad99208b5035e28ccd27" score = 75 
@@ -66956,8 +67301,8 @@ rule ELASTIC_Linux_Trojan_Snessik_E435A79C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Snessik.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Snessik.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e24749b07f824a4839b462ec4e086a4064b29069e7224c24564e2ad7028d5d60" logic_hash = "4850530a0566844447f56f4e5cb43c5982b1dcb784bb1aef3e377525b8651ed3" score = 75 @@ -66985,8 +67330,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_53692410 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Iroffer.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Iroffer.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e76508141970efb3e4709bcff83772da9b10169c599e13e58432257a7bb2defa" logic_hash = "b8aa25fbde4d9ca36656f583e7601118a06e57703862c8b28b273881eef504fe" score = 60 
@@ -67014,8 +67359,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_013E07De : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Iroffer.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Iroffer.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "e76508141970efb3e4709bcff83772da9b10169c599e13e58432257a7bb2defa"
 logic_hash = "ce21de61f94d41aa3abb73b9391a4d9c8ddeea75f1a2b36be58111b70a9590fe"
 score = 60
@@ -67043,8 +67388,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_0De95Cab : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Iroffer.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Iroffer.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "717bea3902109d1b1d57e57c26b81442c0705af774139cd73105b2994ab89514"
 logic_hash = "adec3e1d3110bcc22262d5f1f2ad14a347616f4a809f29170a9fbb5d1669a4c3"
 score = 75
@@ -67072,8 +67417,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_711259E4 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Iroffer.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Iroffer.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "e76508141970efb3e4709bcff83772da9b10169c599e13e58432257a7bb2defa"
 logic_hash = "a71dbb979bc1f7671ab9958b6aa502e6ded4ee1c1b026080fd377eb772ebb1d5"
 score = 75
@@ -67101,8 +67446,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_7478Ddd9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Iroffer.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Iroffer.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "20e1509c23d7ef14b15823e4c56b9a590e70c5b7960a04e94b662fc34152266c"
 logic_hash = "e650ee830b735a11088b628e865cd40a15054437ca05849f2eaa7838eac152e3"
 score = 75
@@ -67130,8 +67475,8 @@ rule ELASTIC_Windows_Ransomware_Clop_6A1670Aa : BETA FILE MEMORY
 date = "2020-05-03"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.clop"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Clop.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Clop.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "afe28000d50495bf2f2adc6cbf0159591ce87bff207f3c6a1d38e09f9ed328d7"
 score = 75
 quality = 75
@@ -67159,8 +67504,8 @@ rule ELASTIC_Windows_Ransomware_Clop_E04959B5 : BETA FILE MEMORY
 date = "2020-05-03"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.clop"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Clop.yar#L22-L50"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Clop.yar#L22-L50"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "039fcb0e48898c7546588cd095fac16f06cf5e5568141aefb6db382a61e80a8d"
 score = 75
 quality = 50
@@ -67197,8 +67542,8 @@ rule ELASTIC_Windows_Ransomware_Clop_9Ac9Ea3E : BETA FILE MEMORY
 date = "2020-05-03"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.clop"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Clop.yar#L52-L71"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Clop.yar#L52-L71"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "1228ee4b934faf1d5f8cf4518974cd2c80a73d84c8a354bde4813fb97ba516d7"
 score = 75
 quality = 75
@@ -67226,8 +67571,8 @@ rule ELASTIC_Windows_Ransomware_Clop_606020E7 : BETA FILE MEMORY
 date = "2020-05-03"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.clop"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Clop.yar#L73-L92"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Clop.yar#L73-L92"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "f5169b324bc19f6f5a04c99f1d3326c97300d038ec383c3eab94eb258963ac30"
 score = 75
 quality = 75
@@ -67255,8 +67600,8 @@ rule ELASTIC_Windows_Vulndriver_Rtcore_4Eeb2Ce5 : FILE
 date = "2022-04-04"
 modified = "2022-08-30"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_RtCore.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_RtCore.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd"
 logic_hash = "f547bce6554c60e8f3ef8e128c05533cf1f35ce0ee414d5a1c5e9a205b05d8fe"
 score = 75
@@ -67285,8 +67630,8 @@ rule ELASTIC_Windows_Cryptominer_Generic_Dd1E4D1A : FILE
 date = "2021-01-12"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Cryptominer_Generic.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Cryptominer_Generic.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "7ac1d7b6107307fb2442522604c8fa56010d931392d606ac74dcea6b7125954b"
 logic_hash = "b7289c4688ec67d59e67755461f1f4e0c3f47ef9f8c73fc1dcc1d168baf11623"
 score = 75
@@ -67314,8 +67659,8 @@ rule ELASTIC_Linux_Trojan_Bish_974B4B47 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Bish.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Bish.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "9171fd2bbe182f0a3cd35937f3ee0076c9358f52f5bc047498dd9e233ae11757"
 logic_hash = "c5a7d036c89fe50626da51486d19ee731ad28cbc8d36def075d8f33a7b68961f"
 score = 75
@@ -67343,8 +67688,8 @@ rule ELASTIC_Linux_Trojan_Bluez_50E87Fa9 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "1e526b6e3be273489afa8f0a3d50be233b97dc07f85815cc2231a87f5a651ef1"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Bluez.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Bluez.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "53754c538a7dea6f06e37980901350feddc3517821ea42544cb96e371709752f"
 score = 75
 quality = 75
@@ -67371,8 +67716,8 @@ rule ELASTIC_Linux_Trojan_Sambashell_F423755D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Sambashell.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Sambashell.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "bd8a3728a59afbf433799578ef597b9a7211c8d62e87a25209398814851a77ea"
 logic_hash = "b93c671fae87cd635679142d248cb2b754389ba3b416f3370ea331640eb906ab"
 score = 75
@@ -67400,8 +67745,8 @@ rule ELASTIC_Linux_Ransomware_Lockbit_D248E80E : FILE MEMORY
 date = "2023-07-27"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_Lockbit.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_Lockbit.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "4800a67ceff340d2ab4f79406a01f58e5a97d589b29b35394b2a82a299b19745"
 logic_hash = "5d33d243cd7f9d9189139eb34a4dd8d81882be200223d5c8e60dfd07ca98f94b"
 score = 75
@@ -67434,8 +67779,8 @@ rule ELASTIC_Linux_Ransomware_Lockbit_5B30A04B : FILE MEMORY
 date = "2023-07-29"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_Lockbit.yar#L26-L46"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_Lockbit.yar#L26-L46"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "41cbb7d79388eaa4d6e704bd4a8bf8f34d486d27277001c343ea3ce112f4fb0d"
 logic_hash = "b89d0f25f08ffa35e075def6a29cf52a80500c6499732146426a71c741059a3b"
 score = 75
@@ -67465,8 +67810,8 @@ rule ELASTIC_Windows_Hacktool_Sharpshares_88Cdcd52 : FILE MEMORY
 date = "2022-10-20"
 modified = "2022-11-24"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_SharpShares.yar#L1-L30"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_SharpShares.yar#L1-L30"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "bbdd3620a67aedec4b9a68b2c9cc880b6631215e129816aea19902a6f4bc6f41"
 logic_hash = "85c59b939da6158f931e779c2884cea77b80fab54ee5e157d86afa19f0253db3"
 score = 75
@@ -67505,8 +67850,8 @@ rule ELASTIC_Windows_Hacktool_Leigod_89397Ebf : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_LeiGod.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_LeiGod.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "ae5cc99f3c61c86c7624b064fd188262e0160645c1676d231516bf4e716a22d3"
 logic_hash = "e887c34c624a182a3c57a55abe02784c4350d3956bcfd9f7918f08a464819e63"
 score = 75
@@ -67534,8 +67879,8 @@ rule ELASTIC_Windows_Hacktool_Leigod_3F5C98C4 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_LeiGod.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_LeiGod.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "0c42fe45ffa9a9c36c87a7f01510a077da6340ffd86bf8509f02c6939da133c5"
 logic_hash = "7570bf1a69df6b493bde41c1de27969e36a3fcb59be574ee2e24e3a61347a146"
 score = 75
@@ -67563,8 +67908,8 @@ rule ELASTIC_Linux_Ransomware_Limpdemon_95C748E0 : FILE MEMORY
 date = "2023-07-27"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_LimpDemon.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_LimpDemon.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "a4200e90a821a2f2eb3056872f06cf5b057be154dcc410274955b2aaca831651"
 logic_hash = "e66906725c0af657d91771642908ac0b2c72a97c4d4f651dcc907c2c1437f2da"
 score = 75
@@ -67595,8 +67940,8 @@ rule ELASTIC_Windows_Trojan_STRRAT_A3E48Cd2 : MEMORY
 date = "2024-03-13"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_STRRAT.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_STRRAT.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "97e67ac77d80d26af4897acff2a3f6075e0efe7997a67d8194e799006ed5efc9"
 logic_hash = "32f79695829f703bf9996d212aeb563791aed28e1bbb9f700cb45325fd02db77"
 score = 75
@@ -67625,8 +67970,8 @@ rule ELASTIC_Linux_Ransomware_Ragnarlocker_9F5982B8 : FILE MEMORY
 date = "2023-07-27"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_RagnarLocker.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_RagnarLocker.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "f668f74d8808f5658153ff3e6aee8653b6324ada70a4aa2034dfa20d96875836"
 logic_hash = "c08579dc675a709add392a0189d01e05af61034b72f451d2b024c89c1299ee6c"
 score = 75
@@ -67656,8 +68001,8 @@ rule ELASTIC_Windows_Trojan_Merlin_E8Ecb3Be : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Merlin.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Merlin.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "768c120e63d3960a0842dcc538749955ab7caabaeaf3682f6d1e30666aac65a8"
 logic_hash = "293158c981463544abd0c38694bfc8635ad1a679bbae115521b65879f145cea6"
 score = 75
@@ -67685,8 +68030,8 @@ rule ELASTIC_Macos_Trojan_Kandykorn_A7Bb6944 : FILE MEMORY
 date = "2023-10-23"
 modified = "2023-10-23"
 reference = "https://www.elastic.co/security-labs/elastic-catches-dprk-passing-out-kandykorn"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_KandyKorn.yar#L1-L29"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_KandyKorn.yar#L1-L29"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "51dd4efcf714e64b4ad472ea556bf1a017f40a193a647b9e28bf356979651077"
 logic_hash = "65decd519dee947894dd684c52d91202ebe5587acfecc0b8b56cd73f2981e387"
 score = 75
@@ -67723,8 +68068,8 @@ rule ELASTIC_Windows_Backdoor_Teamviewer_Df8E7326 : FILE MEMORY
 date = "2022-10-29"
 modified = "2022-12-20"
 reference = "https://vms.drweb.com/virus/?i=8172096"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Backdoor_TeamViewer.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Backdoor_TeamViewer.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "68d9ffb6e00c2694d0d827108d0410d5a66d4f8cf839afddd17c5887b0149350"
 logic_hash = "3d42c76626c76959e450a81001c73d8d47b52789cab324e0cc7af09303c1367d"
 score = 75
@@ -67757,8 +68102,8 @@ rule ELASTIC_Linux_Trojan_Zpevdo_7F563544 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Zpevdo.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Zpevdo.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "9cbbb5a9166184cef630d1aba8fec721f676b868d22b1f96ffc1430e98ae974c"
 score = 75
 quality = 75
@@ -67785,8 +68130,8 @@ rule ELASTIC_Windows_Hacktool_Sharpersist_06606812 : FILE MEMORY
 date = "2022-10-20"
 modified = "2022-11-24"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_SharPersist.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_SharPersist.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "e9711f47cf9171f79bf34b342279f6fd9275c8ae65f3eb2c6ebb0b8432ea14f8"
 logic_hash = "ddabfb54422f6fb2ad6999b724b1d8f186adf71f96f01a8770715029529e869a"
 score = 75
@@ -67818,8 +68163,8 @@ rule ELASTIC_Windows_Trojan_Nighthawk_9F3A5Abb : FILE MEMORY
 date = "2022-11-24"
 modified = "2023-06-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Nighthawk.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Nighthawk.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b775a8f7629966592cc7727e2081924a7d7cf83edd7447aa60627a2b67d87c94"
 logic_hash = "27a34e48141fe260c16c12a2652e440d2540ca5f0c84b41c9c4762dcab44ffd4"
 score = 75
@@ -67854,8 +68199,8 @@ rule ELASTIC_Windows_Trojan_Nighthawk_2A2E3B9D : FILE MEMORY
 date = "2022-11-24"
 modified = "2023-06-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Nighthawk.yar#L28-L47"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Nighthawk.yar#L28-L47"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "38881b87826f184cc91559555a3456ecf00128e01986a9df36a72d60fb179ccf"
 logic_hash = "c42605ebba900fafb4ec2d34d93bb7adb69e731ce151b82a95889dd0d738da00"
 score = 75
@@ -67884,8 +68229,8 @@ rule ELASTIC_Windows_Trojan_Nighthawk_23489175 : FILE MEMORY
 date = "2023-06-14"
 modified = "2023-07-10"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Nighthawk.yar#L49-L74"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Nighthawk.yar#L49-L74"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "697742d5dd071add40b700022fd30424cb231ffde223d21bd83a44890e06762f"
 logic_hash = "be41fc53f7098ca3cf718e8066a488196423ede993466c9a24ad2af387e03b24"
 score = 75
@@ -67920,8 +68265,8 @@ rule ELASTIC_Windows_Exploit_Perfusion_5Ab5Ddee : FILE MEMORY
 date = "2024-02-28"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Exploit_Perfusion.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Exploit_Perfusion.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "7fdef25acb0d1447203b9768ae58a8e21db24816c602b160d105dab86ae34728"
 logic_hash = "490f3fc89cf78dbe82f1feb012a147a8d187612720efb6e1eb4e97720b26ee59"
 score = 75
@@ -67952,8 +68297,8 @@ rule ELASTIC_Windows_Trojan_Backoff_22798F00 : FILE MEMORY
 date = "2022-08-10"
 modified = "2022-09-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Backoff.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Backoff.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "65b5aff18a4e0bc29d7cc4cfbe2d5882f99a855727fe467b2ba2e2851c43d21b"
 score = 75
 quality = 75
@@ -67985,8 +68330,8 @@ rule ELASTIC_Linux_Trojan_Gognt_50C3D9Da : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gognt.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gognt.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "79602bc786edda7017c5f576814b683fba41e4cb4cf3f837e963c6d0d42c50ee"
 logic_hash = "ecd9cd94b3bf8c50c347e70aab3da03ea6589530b20941a9f62dac501f8144fc"
 score = 75
@@ -68014,8 +68359,8 @@ rule ELASTIC_Linux_Trojan_Gognt_05B10F4B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Gognt.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Gognt.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "e43aaf2345dbb5c303d5a5e53cd2e2e84338d12f69ad809865f20fd1a5c2716f"
 logic_hash = "1dfc3417f75aa81aea5eda3d6da076f1cacf82dbfc039252b1d16f52b81a5a65"
 score = 75
@@ -68043,8 +68388,8 @@ rule ELASTIC_Windows_Hacktool_Dcsyncer_425579C5 : FILE MEMORY
 date = "2021-09-15"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_Dcsyncer.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_Dcsyncer.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "af7dbc84efeb186006d75d095f54a266f59e6b2348d0c20591da16ae7b7d509a"
 logic_hash = "b0330adf1d4420ddf1f302974d2e4179f52ab1c8dc2f294ddf52286d714e0463"
 score = 75
@@ -68076,8 +68421,8 @@ rule ELASTIC_Linux_Trojan_Hiddad_E35Bff7B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Hiddad.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Hiddad.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "22a418e660b5a7a2e0cc1c1f3fe1d150831d75c4fedeed9817a221194522efcf"
 logic_hash = "3881222807585dc933cb61473751d13297fa7eb085a50d435d3b680354a35ee9"
 score = 75
@@ -68096,6 +68441,37 @@ rule ELASTIC_Linux_Trojan_Hiddad_E35Bff7B : FILE MEMORY condition: all of them } +rule ELASTIC_Windows_Trojan_Wineloader_13E8860A : FILE MEMORY +{ + meta: + description = "Detects Windows Trojan Wineloader (Windows.Trojan.WineLoader)" + author = "Elastic Security" + id = "13e8860a-9d83-4ae6-b07e-20bb4037010c" + date = "2024-03-24" + modified = "2024-05-08" + reference = "https://github.com/elastic/protections-artifacts/" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_WineLoader.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" + hash = "f5cb3234eff0dbbd653d5cdce1d4b1026fa9574ebeaf16aaae3d4e921b6a7f9d" + logic_hash = "c072abb73377ed59c0dd9fab25a4c84575ab9badbddfda1ed51e576e4e12fa82" + score = 75 + quality = 75 + tags = "FILE, MEMORY" + fingerprint = "d21c6d97360deea724b94b8f65116f00c11625c5deb1bac0790a23ede6eaaac6" + severity = 100 + arch_context = "x86" + scan_context = "file, memory" + license = "Elastic License v2" + os = "windows" + + strings: + $a1 = { 48 8B 1E 48 89 F1 E8 ?? ?? 00 00 48 8B 56 08 48 89 F9 49 89 D8 E8 ?? ?? FF FF 48 89 F1 E8 ?? 5C 00 00 90 48 81 C4 ?? 00 00 00 5B 5D 5F 5E 41 5C 41 5E 41 5F C3 C3 41 57 41 56 41 55 41 54 56 57 } + $a2 = { 85 C0 0F 84 ?? 03 00 00 4C 8D A4 24 BC 00 00 00 41 C7 04 24 04 00 00 00 B8 0F 00 00 00 48 8D 7C 24 70 48 89 47 F8 48 B8 } + $a3 = { 48 85 DB 0F 84 B3 00 00 00 83 BC 24 80 01 00 00 00 0F 84 5A 01 00 00 4C 8D 74 24 50 49 C7 46 F8 0D 00 00 00 48 B8 } + + condition: + any of them +} rule ELASTIC_Windows_Trojan_Limerat_24269A79 : FILE MEMORY { meta: 
@@ -68105,8 +68481,8 @@ rule ELASTIC_Windows_Trojan_Limerat_24269A79 : FILE MEMORY date = "2021-08-17" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Limerat.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Limerat.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ec781a714d6bc6fac48d59890d9ae594ffd4dbc95710f2da1f1aa3d5b87b9e01" logic_hash = "053a6abe589db23c4b9baed24729c8bcdd9019535fd0d9efc60ab4035c9779f3" score = 75 @@ -68134,8 +68510,8 @@ rule ELASTIC_Linux_Hacktool_Infectionmonkey_6C84537B : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Infectionmonkey.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Infectionmonkey.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d941943046db48cf0eb7f11e144a79749848ae6b50014833c5390936e829f6c3" logic_hash = "24cb368040fffe2743d0361a955d45a62a95a31c1744f3de15089169e365bb89" score = 75 
@@ -68163,8 +68539,8 @@ rule ELASTIC_Macos_Trojan_Fplayer_1C1Fae37 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Fplayer.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Fplayer.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f57e651088dee2236328d09705cef5e98461e97d1eb2150c372d00ca7c685725" logic_hash = "0d65717bdbac694ffb2535a1ff584f7ec2aa7b553a08d29113c6e2bd7b2ff1aa" score = 75 @@ -68192,8 +68568,8 @@ rule ELASTIC_Windows_Vulndriver_Powertool_044A8645 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_PowerTool.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_PowerTool.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1aaa9aef39cb3c0a854ecb4ca7d3b213458f302025e0ec5bfbdef973cca9111c" logic_hash = "b21c16cb72d003c505aa0ac4cc21b92513a100bad6870460090994c02cad875a" score = 75 
@@ -68222,8 +68598,8 @@ rule ELASTIC_Windows_Trojan_Siestagraph_8C36Ddc1 : FILE MEMORY date = "2022-12-14" modified = "2022-12-15" reference = "https://www.elastic.co/security-labs/siestagraph-new-implant-uncovered-in-asean-member-foreign-ministry" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_SiestaGraph.yar#L1-L28" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_SiestaGraph.yar#L1-L28" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "50c2f1bb99d742d8ae0ad7c049362b0e62d2d219b610dcf25ba50c303ccfef54" logic_hash = "17ce8090b88100f00c07df0599cd51dc7682f4c43de989ce58621df97eca42fb" score = 75 @@ -68259,8 +68635,8 @@ rule ELASTIC_Windows_Trojan_Siestagraph_Ad3Fe5C6 : FILE MEMORY date = "2023-09-12" modified = "2023-09-20" reference = "https://www.elastic.co/security-labs/siestagraph-new-implant-uncovered-in-asean-member-foreign-ministry" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_SiestaGraph.yar#L30-L56" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_SiestaGraph.yar#L30-L56" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fe8f99445ad139160a47b109a8f3291eef9c6a23b4869c48d341380d608ed4cb" logic_hash = "b625221b77803c2c052db09c90a76666cf9e0ae34cb0d59ae303e890e646e94b" score = 75 
@@ -68295,8 +68671,8 @@ rule ELASTIC_Windows_Trojan_Siestagraph_D801Ce71 : FILE MEMORY date = "2023-09-12" modified = "2023-09-20" reference = "https://www.elastic.co/security-labs/siestagraph-new-implant-uncovered-in-asean-member-foreign-ministry" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_SiestaGraph.yar#L58-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_SiestaGraph.yar#L58-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fe8f99445ad139160a47b109a8f3291eef9c6a23b4869c48d341380d608ed4cb" logic_hash = "c2d00d64d69cb5d24d76f6c551b49aa1acef1e1bab96f7ed7facc148244a8370" score = 75 @@ -68326,8 +68702,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_05088561 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Stak.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Stak.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d0d2bab33076121cf6a0a2c4ff1738759464a09ae4771c39442a865a76daff59" logic_hash = "2b0f8a4efdfb13abcc2a1b43e9c39828ea1de6015fef0ef613bd754da5aa3e9a" score = 75 
@@ -68355,8 +68731,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_Ae8B98A9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Stak.yar#L21-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Stak.yar#L21-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "aade76488aa2f557de9082647153cca374a4819cd8e539ebba4bfef2334221b0" score = 75 quality = 75 @@ -68383,8 +68759,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_D707Fd3A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Stak.yar#L40-L58" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Stak.yar#L40-L58" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d0d2bab33076121cf6a0a2c4ff1738759464a09ae4771c39442a865a76daff59" logic_hash = "b825247372aace6e3ce0ff1d9685b6bb041b7277f8967d5f5926b49813cfadc9" score = 75 
@@ -68412,8 +68788,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_52Dc7Af3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Stak.yar#L60-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Stak.yar#L60-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a9c14b51f95d0c368bf90fb10e7d821a2fbcc79df32fd9f068a7fc053cbd7e83" logic_hash = "81998164f517b6f1ef72b10227cfff86aa8bbd2b4e2668f946c8ed59696ae74d" score = 75 @@ -68441,8 +68817,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_Bb3153Ac : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Stak.yar#L80-L98" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Stak.yar#L80-L98" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5b974b6e6a239bcdc067c53cc8a6180c900052d7874075244dc49aaaa9414cca" logic_hash = "e8516a24358b12863fe52c823ca67f0004457017334fe77dabf5f08d6bf2d907" score = 75 
@@ -68470,8 +68846,8 @@ rule ELASTIC_Linux_Trojan_Godropper_Bae099Bd : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Godropper.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Godropper.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "704643f3fd11cda1d52260285bf2a03bccafe59cfba4466427646c1baf93881e" logic_hash = "ef6274928f7cfc0312122ac3e4153fb0a78dc7d5fb2d68db6cbe4974f5497210" score = 75 @@ -68499,8 +68875,8 @@ rule ELASTIC_Windows_Vulndriver_Segwin_04A3962E : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Segwin.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Segwin.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "65329dad28e92f4bcc64de15c552b6ef424494028b18875b7dba840053bc0cdd" logic_hash = "1e9ba5fc78f2b4eeee56314c9e8cf3071817d726b44cb8510f8d7069e85ab7bf" score = 75 
@@ -68530,8 +68906,8 @@ rule ELASTIC_Windows_Trojan_Modpipe_12Bc2604 : FILE MEMORY date = "2023-07-27" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_ModPipe.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_ModPipe.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "0a26de1b2fb48d65cde61b60c0eba478da73a3eeaeb785d1b2d6095eccbe34e2" score = 75 quality = 75 @@ -68561,8 +68937,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_28B13E67 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Bundlore.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Bundlore.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0b50a38749ea8faf571169ebcfce3dfd668eaefeb9a91d25a96e6b3881e4a3e8" logic_hash = "586ae19e570c51805afd3727b2e570cdb1c48344aa699e54774a708f02bc3a6f" score = 75 
@@ -68590,8 +68966,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_75C8Cb4E : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Bundlore.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Bundlore.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3d69912e19758958e1ebdef5e12c70c705d7911c3b9df03348c5d02dd06ebe4e" logic_hash = "527fecb8460c0325c009beddd6992e0abbf8c5a05843e4cedf3b17deb4b19a1c" score = 75 @@ -68619,8 +68995,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_17B564B4 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Bundlore.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Bundlore.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "94f6e5ee6eb3a191faaf332ea948301bbb919f4ec6725b258e4f8e07b6a7881d" logic_hash = "40cd2a793c8ed51a8191ecb9b358f50dc2035d997d0f773f6049f9c272291607" score = 75 
@@ -68648,8 +69024,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_C90C088A : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Bundlore.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Bundlore.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "875513f4ebeb63b9e4d82fb5bff2b2dc75b69c0bfa5dd8d2895f22eaa783f372" logic_hash = "c82c5c8d1e38e0d2631c5611e384eb49b58c64daeafe0cc642682e5c64686b60" score = 75 @@ -68677,8 +69053,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_3965578D : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Bundlore.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Bundlore.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d72543505e36db40e0ccbf14f4ce3853b1022a8aeadd96d173d84e068b4f68fa" logic_hash = "6bd24640e0a3aa152fcd90b6975ee4fb7e99ab5f2d48d3a861bc804c526c90b6" score = 75 
@@ -68706,8 +69082,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_00D9D0E9 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Bundlore.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Bundlore.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "73069b34e513ff1b742b03fed427dc947c22681f30cf46288a08ca545fc7d7dd" logic_hash = "535831872408caa27984190d1b1b1a5954e502265925d50457e934219598dbfd" score = 75 @@ -68735,8 +69111,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_650B8Ff4 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Bundlore.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Bundlore.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "78fd2c4afd7e810d93d91811888172c4788a0a2af0b88008573ce8b6b819ae5a" logic_hash = "e8a706db010e9c3d9714d5e7a376e9b2189af382a7b01db9a9e7ee947e9637bb" score = 75 
@@ -68764,8 +69140,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_C8Ad7Edd : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Bundlore.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Bundlore.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d4915473e1096a82afdaee405189a0d0ae961bd11a9e5e9adc420dd64cb48c24" logic_hash = "be09b4bd612bb499044fe91ca4e1ab62405cf1e4d75b8e1da90e326d1c66e04f" score = 75 @@ -68793,8 +69169,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_Cb7344Eb : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Bundlore.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Bundlore.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "53373668d8c5dc17f58768bf59fb5ab6d261a62d0950037f0605f289102e3e56" logic_hash = "6b5e868dfd14e9b1cdf3caeb1216764361b28c1dd38849526baf5dbdb1020d8d" score = 75 
@@ -68822,8 +69198,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_753E5738 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Bundlore.yar#L181-L199" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Bundlore.yar#L181-L199" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "42aeea232b28724d1fa6e30b1aeb8f8b8c22e1bc8afd1bbb4f90e445e31bdfe9" logic_hash = "7a6907b51c793e4182c1606eab6f2bcb71f0350a34aef93fa3f3a9f1a49961ba" score = 75 @@ -68851,8 +69227,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_7B9F0C28 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Bundlore.yar#L201-L219" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Bundlore.yar#L201-L219" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fc4da125fed359d3e1740dafaa06f4db1ffc91dbf22fd5e7993acf8597c4c283" logic_hash = "32abbb76c866e3a555ee6a9c39f62a0712f641959b66068abfb4379baa9a9da9" score = 75 
@@ -68880,8 +69256,8 @@ rule ELASTIC_Windows_Trojan_Danabot_6F3Dadb2 : FILE MEMORY date = "2021-08-15" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Danabot.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Danabot.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "716e5a3d29ff525aed30c18061daff4b496f3f828ba2ac763efd857062a42e96" logic_hash = "b9c895be9eab775726abd2c13256d598c5b79bceb2d652c30b1df4cfc37e4b93" score = 75 
@@ -68907,6 +69283,37 @@ rule ELASTIC_Windows_Trojan_Danabot_6F3Dadb2 : FILE MEMORY condition: all of them } +rule ELASTIC_Windows_Exploit_Rpcjunction_0405253B : FILE +{ + meta: + description = "Detects Windows Exploit Rpcjunction (Windows.Exploit.RpcJunction)" + author = "Elastic Security" + id = "0405253b-d91f-420e-b2e5-7f4aebeb7709" + date = "2024-02-28" + modified = "2024-03-21" + reference = "https://github.com/elastic/protections-artifacts/" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Exploit_RpcJunction.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" + hash = "05588fe3d2aae1273e9d0b0ac00c867d92bcdea41c33661760dcbe84439e7949" + logic_hash = "c663285d81e00bf6b028cdb043da3c6d5033a0c100d9c626acfa26d67bc1c093" + score = 75 + quality = 75 + tags = "FILE" + fingerprint = "bd5f1c040f6fcf16e507d2c3cb94013ea17d85b2428b85ba1d84005cc44739ec" + severity = 100 + arch_context = "x86" + scan_context = "file" + license = "Elastic License v2" + os = "windows" + + strings: + $s1 = "NtSetInformationFile" + $s2 = "DefineDosDevice" + $s3 = "\\GLOBALROOT\\RPC Control\\" wide nocase + + condition: + all of them +} rule ELASTIC_Linux_Virus_Gmon_E544D891 : FILE MEMORY { meta: 
@@ -68916,8 +69323,8 @@ rule ELASTIC_Linux_Virus_Gmon_E544D891 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Virus_Gmon.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Virus_Gmon.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d0fe377664aa0bc0d1fd3a307650f211dd3ef2e2f04597abee465e836e6a6f32" logic_hash = "6dcfd51aaa79d7bac0100d9c891aa4275b8e1f7614cda46a5da4c738d376c729" score = 75 @@ -68945,8 +69352,8 @@ rule ELASTIC_Linux_Virus_Gmon_192Bd9B3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Virus_Gmon.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Virus_Gmon.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d0fe377664aa0bc0d1fd3a307650f211dd3ef2e2f04597abee465e836e6a6f32" logic_hash = "3df275349d14a845c73087375f96e0c9a069ff685beb89249590ef9448e50373" score = 75 
@@ -68974,8 +69381,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_1916686D : FILE MEMORY date = "2022-06-23" modified = "2022-12-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_BruteRatel.yar#L1-L31" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_BruteRatel.yar#L1-L31" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "e0e7b8ba2865fc76845b21aa3e075ceab98888635a60bd722c0c81e0f4fcf58c" score = 75 quality = 75 @@ -69015,8 +69422,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_9B267F96 : FILE MEMORY date = "2022-06-23" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_BruteRatel.yar#L33-L57" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_BruteRatel.yar#L33-L57" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "fbaaf4bf2462119b39a5df90b91fb831be3e602b926cd893374a5dddf48f029d" score = 75 quality = 75 
@@ -69050,8 +69457,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_684A39F2 : FILE MEMORY date = "2023-01-24" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_BruteRatel.yar#L59-L84" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_BruteRatel.yar#L59-L84" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5f4782a34368bb661f413f33e2d1fb9f237b7f9637f2c0c21dc752316b02350c" logic_hash = "7cb74176e1dbdd248295649568d29c9d88841fcd0c16479b6b7efc71c4a1d706" score = 75 @@ -69086,8 +69493,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_Ade6C9D5 : FILE MEMORY date = "2023-01-24" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_BruteRatel.yar#L86-L109" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_BruteRatel.yar#L86-L109" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "dc9757c9aa3aff76d86f9f23a3d20a817e48ca3d7294307cc67477177af5c0d4" logic_hash = "8ff8ed1e2b909606fe6aae3f43ad02898d7b3906c3d329a508f6d40490ec75a0" score = 60 
@@ -69120,8 +69527,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_4110D879 : FILE MEMORY
 date = "2023-05-10"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_BruteRatel.yar#L111-L130"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_BruteRatel.yar#L111-L130"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "e0fbbc548fdb9da83a72ddc1040463e37ab6b8b544bf0d2b206bfff352175afe"
 logic_hash = "22c27523ddd8183c41da40f7ff908ae5bdee3b482c8a3f70aaa63a4c419e515b"
 score = 75
@@ -69150,8 +69557,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_5B12Cbab : FILE MEMORY
 date = "2024-02-21"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_BruteRatel.yar#L132-L150"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_BruteRatel.yar#L132-L150"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "8165798fec8294523f25aedfc6699faad0c5d75f60bc7cefcbb2fa13dbc656e3"
 logic_hash = "b86296dafaef1dfa0a41704cafa351694abb0e453e104dfe06836ed599338f38"
 score = 75
@@ -69170,6 +69577,79 @@ rule ELASTIC_Windows_Trojan_Bruteratel_5B12Cbab : FILE MEMORY
 condition:
 all of them
 }
+rule ELASTIC_Windows_Trojan_Bruteratel_5E383Ae0 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Trojan Bruteratel (Windows.Trojan.BruteRatel)"
+ author = "Elastic Security"
+ id = "5e383ae0-c379-4a8b-938e-943fb1f3fd06"
+ date = "2024-03-27"
+ modified = "2024-05-08"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_BruteRatel.yar#L152-L184"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
+ hash = "0b506ef32f58ee2b1e5701ca8e13c67584739ab1d00ee4a0c2f532c09a15836f"
+ logic_hash = "5d87ada1c609e23742c389f8153a9266c4db95be4a5e10b50979aebc993a45e0"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "4a32b644ae97dfefa8766aa86cd519733ca2827a4a24d6ba5d9ac650a3559abc"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = "_imp_BadgerWcslen"
+ $a2 = "_imp_BadgerStrcmp"
+ $a3 = "_imp_BadgerDispatch"
+ $a4 = "_imp_BadgerStrlen"
+ $a5 = "_imp_BadgerMemset"
+ $a6 = "_imp_BadgerMemcpy"
+ $a7 = "_imp_BadgerWcscmp"
+ $a8 = "_imp_BadgerAlloc"
+ $a9 = "_imp_BadgerFree"
+ $a10 = "_imp_BadgerSetdebug"
+ $a11 = "_imp_BadgerGetBufferSize"
+ $b1 = "__imp_Kernel32$"
+ $b2 = "__imp_Ntdll$Nt"
+ $b3 = "__imp_Advapi32$"
+ $b4 = "__imp_NETAPI32$"
+
+ condition:
+ 1 of ($a*) and 1 of ($b*)
+}
+rule ELASTIC_Windows_Trojan_Bruteratel_644Ac114 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Trojan Bruteratel (Windows.Trojan.BruteRatel)"
+ author = "Elastic Security"
+ id = "644ac114-cc66-443e-9dd0-a591be99a86c"
+ date = "2024-04-17"
+ modified = "2024-05-08"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_BruteRatel.yar#L186-L205"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
+ hash = "ace6a99d95ef859d4ab74db6900753e754273a12a34721f1aa8f1a9df3d8ec35"
+ logic_hash = "06ffea16a0348f2276f379db150b5f9d2dbdffbcb2eee83c55c27c837ecb1e69"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "471b2e5f0ae2a08accb90c602af5e892afc1f2a140b25db977df610123cf60be"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a = { 80 39 0F 75 ?? 80 79 01 05 75 ?? 80 79 02 C3 75 ?? 48 89 C8 C3 }
+ $b = { 80 79 01 8B 75 ?? 80 79 02 D1 75 ?? 41 80 F9 B8 75 ?? 80 79 06 00 75 ?? 0F B6 41 05 C1 E0 08 41 89 C0 0F B6 41 04 }
+
+ condition:
+ all of them
+}
 rule ELASTIC_Windows_Trojan_Fickerstealer_Cc02E75E : FILE MEMORY
 {
 meta:
@@ -69179,8 +69659,8 @@ rule ELASTIC_Windows_Trojan_Fickerstealer_Cc02E75E : FILE MEMORY
 date = "2021-07-22"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Fickerstealer.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Fickerstealer.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "a4113ccb55e06e783b6cb213647614f039aa7dbb454baa338459ccf37897ebd6"
 logic_hash = "ccfd7edf7625c13eea5b88fa29f9b8d3d873688f328f3e52c0500ac722c84511"
 score = 75
@@ -69209,8 +69689,8 @@ rule ELASTIC_Windows_Trojan_Fickerstealer_F2159Bec : FILE MEMORY
 date = "2021-07-22"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Fickerstealer.yar#L22-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Fickerstealer.yar#L22-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "a4113ccb55e06e783b6cb213647614f039aa7dbb454baa338459ccf37897ebd6"
 logic_hash = "d36cb90b526a291858291d615272baa78881309c83376f4d4cce1768c740ddbc"
 score = 75
@@ -69238,8 +69718,8 @@ rule ELASTIC_Windows_Wiper_Isaacwiper_239Cd2Dc : FILE MEMORY
 date = "2022-03-04"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Wiper_IsaacWiper.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Wiper_IsaacWiper.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033"
 logic_hash = "102ffe215b1e1c39e1225cb39dfeb10a20a08c5b10f836490fc1501c6eb9e930"
 score = 75
@@ -69272,8 +69752,8 @@ rule ELASTIC_Windows_Ransomware_Snake_550E0265 : BETA FILE MEMORY
 date = "2020-06-30"
 modified = "2021-08-23"
 reference = "https://labs.sentinelone.com/new-snake-ransomware-adds-itself-to-the-increasing-collection-of-golang-crimeware/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Snake.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Snake.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "d9c2f6961a4ef560743060ed176bdc606561ca1b8270b8826cb0dbadaf4e5dbc"
 score = 75
 quality = 75
@@ -69305,8 +69785,8 @@ rule ELASTIC_Windows_Ransomware_Snake_119F9C83 : BETA FILE MEMORY
 date = "2020-06-30"
 modified = "2021-08-23"
 reference = "https://labs.sentinelone.com/new-snake-ransomware-adds-itself-to-the-increasing-collection-of-golang-crimeware/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Snake.yar#L26-L46"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Snake.yar#L26-L46"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "cf6c81e7332acc798409a05a548460bad0ac3621402672c242e48a1b6bccdae6"
 score = 75
 quality = 75
@@ -69335,8 +69815,8 @@ rule ELASTIC_Windows_Ransomware_Snake_20Bc5Abc : BETA FILE MEMORY
 date = "2020-06-30"
 modified = "2021-08-23"
 reference = "https://labs.sentinelone.com/new-snake-ransomware-adds-itself-to-the-increasing-collection-of-golang-crimeware/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Snake.yar#L48-L67"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Snake.yar#L48-L67"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "f3d8a523e04e516e8e059c9f13df355e6caf29a528cfebdf730e3a7d135e3351"
 score = 75
 quality = 75
@@ -69364,8 +69844,8 @@ rule ELASTIC_Windows_Backdoor_Goldbackdoor_91902940 : FILE MEMORY
 date = "2022-04-29"
 modified = "2022-06-09"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Backdoor_Goldbackdoor.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Backdoor_Goldbackdoor.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "485246b411ef5ea9e903397a5490d106946a8323aaf79e6041bdf94763a0c028"
 logic_hash = "71e26cce6d730560e1303b2a4f49d0da6d1341263bb47ade46338f03e528cbf7"
 score = 75
@@ -69400,8 +69880,8 @@ rule ELASTIC_Windows_Backdoor_Goldbackdoor_F11D57Df : FILE MEMORY
 date = "2022-04-29"
 modified = "2022-06-09"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Backdoor_Goldbackdoor.yar#L28-L51"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Backdoor_Goldbackdoor.yar#L28-L51"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "45ece107409194f5f1ec2fbd902d041f055a914e664f8ed2aa1f90e223339039"
 logic_hash = "6401b215523289a3842dec6d3e016a2ca99512c5889e87cb5ff13023bb0b8e1e"
 score = 75
@@ -69434,8 +69914,8 @@ rule ELASTIC_Linux_Shellcode_Generic_5669055F : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Shellcode_Generic.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Shellcode_Generic.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "87ef4def16d956cdfecaea899cbb55ff59a6739bbb438bf44a8b5fec7fcfd85b"
 logic_hash = "735b8dc7fff3c9cc96646a4eb7c5afd70be19dcc821e9e26ce906681130746be"
 score = 75
@@ -69463,8 +69943,8 @@ rule ELASTIC_Linux_Shellcode_Generic_D2C96B1D : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Shellcode_Generic.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Shellcode_Generic.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "403d53a65bd77856f7c565307af5003b07413f2aba50869655cdd88ce15b0c82"
 logic_hash = "33d964e22c8e3046f114e8264d18e8b4a0e7b55eca59151b084db7eea07aa0b1"
 score = 75
@@ -69492,8 +69972,8 @@ rule ELASTIC_Linux_Shellcode_Generic_30C70926 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Shellcode_Generic.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Shellcode_Generic.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "a742e23f26726293b1bff3db72864471d6bb4062db1cc6e1c4241f51ec0e21b1"
 logic_hash = "3594994a911e5428198c472a51de189a6be74895170581ec577c49f8dbb9167a"
 score = 75
@@ -69521,8 +70001,8 @@ rule ELASTIC_Linux_Shellcode_Generic_224Bdcc4 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Shellcode_Generic.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Shellcode_Generic.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "bd22648babbee04555cef52bfe3e0285d33852e85d254b8ebc847e4e841b447e"
 logic_hash = "8c4a2bb63f0926e7373caf0a027179b4730cc589f9af66d2071e88f4165b0f73"
 score = 75
@@ -69550,8 +70030,8 @@ rule ELASTIC_Linux_Shellcode_Generic_99B991Cd : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Shellcode_Generic.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Shellcode_Generic.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "954b5a073ce99075b60beec72936975e48787bea936b4c5f13e254496a20d81d"
 logic_hash = "664e213314fe1d6f1920de237ebea3a94f7fbc42eff089475674ccef812f0f68"
 score = 75
@@ -69579,8 +70059,8 @@ rule ELASTIC_Linux_Shellcode_Generic_24B9Aa12 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Shellcode_Generic.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Shellcode_Generic.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "24b2c1ccbbbe135d40597fbd23f7951d93260d0039e0281919de60fa74eb5977"
 logic_hash = "4685253eb00a21d6dd6e874ff68209f20c8668262f24767086687555ccf934aa"
 score = 75
@@ -69608,8 +70088,8 @@ rule ELASTIC_Linux_Shellcode_Generic_8Ac37612 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Shellcode_Generic.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Shellcode_Generic.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c199b902fa4b0fcf54dc6bf3e25ad16c12f862b47e055863a5e9e1f98c6bd6ca"
 logic_hash = "c0af751bc54dcd9cf834fa5fe9fa120be5e49a56135ebb72fd6073948e956929"
 score = 75
@@ -69637,8 +70117,8 @@ rule ELASTIC_Linux_Shellcode_Generic_932Ed0F0 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Shellcode_Generic.yar#L141-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Shellcode_Generic.yar#L141-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "f357597f718f86258e7a640250f2e9cf1c3363ab5af8ddbbabb10ebfa3c91251"
 logic_hash = "20ae3f1d96f8afd0900ac919eacaff3bd748a7466af5bb2b9f77cfdc4b8b829e"
 score = 75
@@ -69657,6 +70137,42 @@ rule ELASTIC_Linux_Shellcode_Generic_932Ed0F0 : FILE MEMORY
 condition:
 all of them
 }
+rule ELASTIC_Windows_Trojan_Blackwood_2B94Bce9 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Trojan Blackwood (Windows.Trojan.Blackwood)"
+ author = "Elastic Security"
+ id = "2b94bce9-a9cc-4b22-a9c7-2790553942b0"
+ date = "2024-03-22"
+ modified = "2024-05-08"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Blackwood.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
+ hash = "c37dd77f659059da7e12e13b063036ee69097a4d2f88c170832fff78f3788991"
+ logic_hash = "279e85ce3bb974ce5af541e7307cb2fd1031f36c9da013756883172a765b0e19"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "1162bd3cc0f30cd927f5f2d7d5703204ce8df0d627944222e2dc4ae42d1ea99a"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 5F 8C FB 62 69 00 65 00 78 00 70 00 6C 00 6F 00 72 00 65 00 2E 00 65 00 78 00 65 00 }
+ $a2 = { C6 44 24 0C 6D C6 44 24 0D 73 C6 44 24 0E 68 C6 44 24 10 70 C6 44 24 11 2E C6 44 24 12 64 }
+ $a3 = { 6D 79 6E 73 70 2E 64 6C 6C 00 4E 53 50 43 6C 65 61 6E 75 70 00 4E 53 50 53 74 61 72 74 75 70 }
+ $b1 = "index.dat"
+ $b2 = "Mozilla/4.0 (compatible;MSIE 5.0; Windows 98)"
+ $b3 = "http://www.baidu.com/id=%s&ad=%d&os=%d.%d&t=%d"
+ $b4 = "SetEntriesInAcl Error %u"
+ $b5 = "AllocateAndInitializeSid Error %u"
+
+ condition:
+ 1 of ($a*) or all of ($b*)
+}
 rule ELASTIC_Macos_Virus_Maxofferdeal_53Df500F : FILE MEMORY
 {
 meta:
@@ -69666,8 +70182,8 @@ rule ELASTIC_Macos_Virus_Maxofferdeal_53Df500F : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Virus_Maxofferdeal.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Virus_Maxofferdeal.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "ecd62ef880da057726ca55c6826ce4e1584ec6fc3afaabed7f66154fc39ffef8"
 logic_hash = "ed63c14e31c200f906b525c7ef1cd671511a89c8833cfa1a605fc9870fe91043"
 score = 75
@@ -69695,8 +70211,8 @@ rule ELASTIC_Macos_Virus_Maxofferdeal_F4681Eba : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Virus_Maxofferdeal.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Virus_Maxofferdeal.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "ecd62ef880da057726ca55c6826ce4e1584ec6fc3afaabed7f66154fc39ffef8"
 logic_hash = "cf478ec5313b40d74d110e4d6e97da5f671d5af331adc3ab059a69616e78c76c"
 score = 75
@@ -69724,8 +70240,8 @@ rule ELASTIC_Macos_Virus_Maxofferdeal_4091E373 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Virus_Maxofferdeal.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Virus_Maxofferdeal.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c38c4bdd3c1fa16fd32db06d44d0db1b25bb099462f8d2936dbdd42af325b37c"
 logic_hash = "ce82f6d3a2e4b7ffe7010629bf91a9144a94e50513682a6c0622603d28248d51"
 score = 75
@@ -69753,8 +70269,8 @@ rule ELASTIC_Macos_Virus_Maxofferdeal_20A0091E : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Virus_Maxofferdeal.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Virus_Maxofferdeal.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b00a61c908cd06dbc26bee059ba290e7ce2ad6b66c453ea272c7287ffa29c5ab"
 logic_hash = "bb90b7e1637fd86e91763b4801a0b3bb8a1b956f328d07e96cf1b26e42b1931b"
 score = 75
@@ -69782,8 +70298,8 @@ rule ELASTIC_Linux_Trojan_Ebury_7B13E9B6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ebury.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ebury.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "30d126ffc5b782236663c23734f1eef21e1cc929d549a37bba8e1e7b41321111"
 score = 75
 quality = 75
@@ -69810,8 +70326,8 @@ rule ELASTIC_Windows_Hacktool_Phant0M_2D6F9B57 : FILE MEMORY
 date = "2024-02-28"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_Phant0m.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_Phant0m.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "30978aadd7d7bc86e735facb5046942792ad1beab6919754e6765e0ccbcf89d6"
 logic_hash = "a66f8779f77b216f7831617a34c008e4202f36e74f2866c9792cee34b804408d"
 score = 75
@@ -69844,8 +70360,8 @@ rule ELASTIC_Linux_Trojan_Ganiw_99349371 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ganiw.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ganiw.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "e8dbb246fdd1a50226a36c407ac90eb44b0cf5e92bf0b92c89218f474f9c2afb"
 logic_hash = "26160e855c63fc0b73e415de2fe058f2005df1ec5544d21865d022c5474df30c"
 score = 75
@@ -69873,8 +70389,8 @@ rule ELASTIC_Linux_Trojan_Ganiw_B9F045Aa : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ganiw.yar#L21-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ganiw.yar#L21-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "2565101b261bee22ddecf6898ff0ac8a114d09c822d8db26ba3e3571ebe06b12"
 score = 75
 quality = 75
@@ -69901,8 +70417,8 @@ rule ELASTIC_Windows_Trojan_Netwire_6A7Df287 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-08-23"
 reference = "https://www.elastic.co/security-labs/netwire-dynamic-configuration-extraction"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Netwire.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Netwire.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "e6f446dbefd4469b6c4d24988dd6c9ccd331c8b36bdbc4aaf2e5fc49de2c3254"
 logic_hash = "d5f36e2a81cf0a9037267d39266b4c31ca9c07b05fb9772e296aeac2da6051a5"
 score = 75
@@ -69930,8 +70446,8 @@ rule ELASTIC_Windows_Trojan_Netwire_1B43Df38 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-08-23"
 reference = "https://www.elastic.co/security-labs/netwire-dynamic-configuration-extraction"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Netwire.yar#L22-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Netwire.yar#L22-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "e6f446dbefd4469b6c4d24988dd6c9ccd331c8b36bdbc4aaf2e5fc49de2c3254"
 logic_hash = "bb0eb1c1969bc1416e933822843293c5d41bf9bc3d402fa5dbdc3cdf2f4b394a"
 score = 75
@@ -69961,8 +70477,8 @@ rule ELASTIC_Windows_Trojan_Netwire_F85E4Abc : FILE MEMORY
 date = "2022-08-14"
 modified = "2022-09-29"
 reference = "https://www.elastic.co/security-labs/netwire-dynamic-configuration-extraction"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Netwire.yar#L45-L64"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Netwire.yar#L45-L64"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "ab037c87d8072c63dc22b22ff9cfcd9b4837c1fee2f7391d594776a6ac8f6776"
 logic_hash = "af8fc8fff2e1a0b6c87ac6d24fecf2e1cefe6313ec66da13fddd1be25c1c3d92"
 score = 75
@@ -69990,8 +70506,8 @@ rule ELASTIC_Windows_Trojan_Netwire_F42Cb379 : FILE MEMORY
 date = "2022-08-14"
 modified = "2022-09-29"
 reference = "https://www.elastic.co/security-labs/netwire-dynamic-configuration-extraction"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Netwire.yar#L66-L90"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Netwire.yar#L66-L90"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "ab037c87d8072c63dc22b22ff9cfcd9b4837c1fee2f7391d594776a6ac8f6776"
 logic_hash = "fc1436596987d3971a464e707ee6fd5689e7d2800df471c125c1e3f748537f5d"
 score = 75
@@ -70024,8 +70540,8 @@ rule ELASTIC_Windows_Trojan_Sythe_02B2811A : FILE MEMORY date = "2023-05-10" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Sythe.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Sythe.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2d54a8ba40cc9a1c74db7a889bc75a38f16ae2d025268aa07851c1948daa1b4d" logic_hash = "ba472b35f583dd4cf125df575129d07de289d6d7dc12ecdcc518ce1eb9f18def" score = 75 @@ -70056,8 +70572,8 @@ rule ELASTIC_Windows_Ransomware_Makop_3Ac2C13C : FILE MEMORY date = "2021-08-05" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Makop.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Makop.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "854226fc4f5388d40cd9e7312797dd63739444d69a67e4126ef60817fa6972ad" logic_hash = "3fa7c506010a87ac97f415db32c21af091dff26fd912a8f9f5bb5e8d43a8da9e" score = 75 
@@ -70085,8 +70601,8 @@ rule ELASTIC_Windows_Ransomware_Makop_3E388338 : FILE MEMORY date = "2021-08-05" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Makop.yar#L21-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Makop.yar#L21-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "854226fc4f5388d40cd9e7312797dd63739444d69a67e4126ef60817fa6972ad" logic_hash = "5a6e5fd725f3d042c0c95b42ad00c93965a49aa6bda6ec5383a239f18d74742e" score = 75 @@ -70119,8 +70635,8 @@ rule ELASTIC_Multi_Attacksimulation_Blindspot_D93F54C5 : FILE MEMORY date = "2022-05-23" modified = "2022-08-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Multi_AttackSimulation_Blindspot.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Multi_AttackSimulation_Blindspot.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "41984a0ad20ab21186252bb2f3f68604d2cbeea0e1ce22895dd163f7acbf2ca1" score = 75 quality = 75 
@@ -70147,8 +70663,8 @@ rule ELASTIC_Linux_Cryptominer_Flystudio_579A3A4D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Flystudio.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Flystudio.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "84afc47554cf42e76ef8d28f2d29c28f3d35c2876cec2fb1581b0ac7cfe719dd" logic_hash = "6579630a4fb6cf5bc8ccb2e4f93f5d549baa6ea9b742b2ee83a52f07352c4741" score = 75 @@ -70176,8 +70692,8 @@ rule ELASTIC_Linux_Cryptominer_Flystudio_0A370634 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Flystudio.yar#L21-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Flystudio.yar#L21-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "cf924ba45a7dba19fe571bb9da8c4896690c3ad02f732b759a10174b9f61883f" score = 75 quality = 75 
@@ -70204,8 +70720,8 @@ rule ELASTIC_Windows_Ransomware_Rook_Ee21Fa67 : FILE MEMORY date = "2022-01-14" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Rook.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Rook.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c2d46d256b8f9490c9599eea11ecef19fde7d4fdd2dea93604cee3cea8e172ac" logic_hash = "6fe19cfc572a3dceba5e26615d111a3c0fa1036e275a5640a5c5a8f8cdaf6dc1" score = 75 @@ -70233,8 +70749,8 @@ rule ELASTIC_Linux_Trojan_Pnscan_20E34E35 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Pnscan.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Pnscan.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "7dbd5b709f16296ba7dac66dc35b9c3373cf88452396d79d0c92d7502c1b0005" logic_hash = "1e69ef50d25ffd0f38ed0eb81ab3295822aa183c5e06f307caf02826b1dfa011" score = 75 
@@ -70262,8 +70778,8 @@ rule ELASTIC_Linux_Trojan_Ircbot_Bb204B81 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ircbot.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ircbot.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "6147481d083c707dc98905a1286827a6e7009e08490e7d7c280ed5a6356527ad" logic_hash = "90d211c11281f5f8832210f3fc087fe5ff5a519b9b38628835e8b5fcc560bd9b" score = 75 @@ -70291,8 +70807,8 @@ rule ELASTIC_Linux_Trojan_Ircbot_7C60454D : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ircbot.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ircbot.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "14eeff3516de6d2cb11d6ada4026e3dcee1402940e3a0fb4fa224a5c030049d8" logic_hash = "90dcd0a3d3f6345e66db0a4f8465e3830eb4e3bcb675db16c60a89e20f935aec" score = 75 
@@ -70320,8 +70836,8 @@ rule ELASTIC_Linux_Trojan_Xzbackdoor_74E87A9D : FILE MEMORY date = "2024-03-30" modified = "2024-03-31" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_XZBackdoor.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_XZBackdoor.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5448850cdc3a7ae41ff53b433c2adbd0ff492515012412ee63a40d2685db3049" logic_hash = "da19960b104c1ab767c4578c75420f02242ebd8297ce0364e564025d7428e876" score = 75 @@ -70353,8 +70869,8 @@ rule ELASTIC_Windows_Trojan_Revengerat_Db91Bcc6 : FILE MEMORY date = "2021-09-02" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Revengerat.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Revengerat.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "30d8f81a19976d67b495eb1324372598cc25e1e69179c11efa22025341e455bd" logic_hash = "1e33cb1d614aae0b2181ebaca694c69e7fc849b3a3b7ffff7059e8c43553f8cc" score = 75 
@@ -70385,8 +70901,8 @@ rule ELASTIC_Windows_Trojan_Lokibot_1F885282 : FILE MEMORY date = "2021-06-22" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Lokibot.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Lokibot.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409" logic_hash = "c76941a83e18f11ed5af701e89616d324ddba613a95069997ea8f1830f328307" score = 75 @@ -70414,8 +70930,8 @@ rule ELASTIC_Windows_Trojan_Lokibot_0F421617 : FILE MEMORY date = "2021-07-20" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Lokibot.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Lokibot.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080" logic_hash = "0076ccbe43ae77e3a80164d43832643f077e659a595fff01c87694e2274c5e86" score = 75 
@@ -70443,8 +70959,8 @@ rule ELASTIC_Windows_Vulndriver_Msio_Aa20A3C6 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_MsIo.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_MsIo.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2270a8144dabaf159c2888519b11b61e5e13acdaa997820c09798137bded3dd6" logic_hash = "3b383934dc91536f69e2c6cb2cf2054c5f8a08766ecf1d1804c57f3a2c39c1c2" score = 75 @@ -70472,8 +70988,8 @@ rule ELASTIC_Windows_Vulndriver_Msio_Ce0Bda23 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_MsIo.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_MsIo.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "43ba8d96d5e8e54cab59d82d495eeca730eeb16e4743ed134cdd495c51a4fc89" logic_hash = "f7fbe0255a006cce42aff61b294512c11e1cceaf11d5c1b6f75b96fb3b155895" score = 75 
@@ -70501,8 +71017,8 @@ rule ELASTIC_Windows_Ransomware_Bitpaymer_D74273B3 : BETA FILE MEMORY date = "2020-06-25" modified = "2021-08-23" reference = "https://www.welivesecurity.com/2018/01/26/friedex-bitpaymer-ransomware-work-dridex-authors/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Bitpaymer.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Bitpaymer.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "126246689b28e92ed10bfa6165f06ff7d4f0e062de7c58b821eaaf5e3cae9306" score = 75 quality = 75 @@ -70530,8 +71046,8 @@ rule ELASTIC_Windows_Ransomware_Bitpaymer_Bca25Ac6 : BETA FILE MEMORY date = "2020-06-25" modified = "2021-08-23" reference = "https://www.welivesecurity.com/2018/01/26/friedex-bitpaymer-ransomware-work-dridex-authors/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Bitpaymer.yar#L22-L48" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Bitpaymer.yar#L22-L48" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "7670f9dafacc8fc5998c1974af66ede388c0997545da067648fec4fd053f0001" score = 75 quality = 75 
@@ -70566,8 +71082,8 @@ rule ELASTIC_Linux_Ransomware_Akira_02237952 : FILE MEMORY date = "2023-07-28" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_Akira.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_Akira.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1d3b5c650533d13c81e325972a912e3ff8776e36e18bca966dae50735f8ab296" logic_hash = "a9b3cdddb3387251d7da90f32b08b9c1eedcdff1fe90d51f4732183666a6d467" score = 75 @@ -70598,8 +71114,8 @@ rule ELASTIC_Windows_Vulndriver_Asio_5F9F29Be : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_AsIo.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_AsIo.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "52a90fd1546c068b92add52c29fbb8a87d472a57e609146bbcb34862f9dcec15" logic_hash = "a901d81737c7e6d00e87f0eec758dd063eade59d9883e85e04a33bb18f2f99de" score = 75 
@@ -70627,8 +71143,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_9Ac1654B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Camelot.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Camelot.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "5de1f43803f3d3b94149ea39ed961e7b9a1ad86c15c5085e2e0a5f9c314e98ff" score = 75 quality = 75 @@ -70655,8 +71171,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_Dd167Aa0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Camelot.yar#L20-L37" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Camelot.yar#L20-L37" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "88be4fbb337fa866e126021b40a01d86a33029071af7efc289a8c5490d21ea8a" score = 75 quality = 75 
@@ -70683,8 +71199,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_B25398Dd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Camelot.yar#L39-L57" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Camelot.yar#L39-L57" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "6fb3b77be0a66a10124a82f9ec6ad22247d7865a4d26aa49c5d602320318ce3c" logic_hash = "e7fdb3c573909e8f197417278a6d333cc3743b05257d81fed46769b185354183" score = 75 @@ -70712,8 +71228,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_6A279F19 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Camelot.yar#L59-L77" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Camelot.yar#L59-L77" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5b01f72b2c53db9b8f253bb98c6584581ebd1af1b1aaee62659f54193c269fca" logic_hash = "91e3c0d96fe5ab9c61b38f01d39639020ec459bec6348b1f87a2c5b1a874e24a" score = 75 
@@ -70741,8 +71257,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_4E7945A4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Camelot.yar#L79-L97" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Camelot.yar#L79-L97" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b7504ce57787956e486d951b4ff78d73807fcc2a7958b172febc6d914e7a23a7" logic_hash = "aebc544076954fcce917e026467a8828b18446ce7c690b4c748562e311b7d491" score = 75 @@ -70770,8 +71286,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_29C1C386 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Camelot.yar#L99-L117" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Camelot.yar#L99-L117" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fc73bbfb12c64d2f20efa22a6d8d8c5782ef57cb0ca6d844669b262e80db2444" logic_hash = "1a3a9065cbb59658c06dfbfc622ccd2e577e988370ffe47848a5859f96db4e24" score = 75 
@@ -70799,8 +71315,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_25B63F54 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Camelot.yar#L119-L136" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Camelot.yar#L119-L136" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "640ffe2040e382ad536c1b6947e05f8c25ff82897ef7ac673a7676815856a346" score = 75 quality = 75 @@ -70827,8 +71343,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_73E2373E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Camelot.yar#L138-L156" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Camelot.yar#L138-L156" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fc73bbfb12c64d2f20efa22a6d8d8c5782ef57cb0ca6d844669b262e80db2444" logic_hash = "2377da6667860dc7204760ee64213cba95909c9181bd1a3ea96c3ad29988c9f7" score = 75 
@@ -70856,8 +71372,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_B8552Fff : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Camelot.yar#L158-L176" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Camelot.yar#L158-L176" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "cdd3d567fbcbdd6799afad241ae29acbe4ab549445e5c4fc0678d16e75b40dfa" logic_hash = "476b800422b6d98405d8bde727bb589c5cae36723436b269beaa65381b3d0abe" score = 75 @@ -70885,8 +71401,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_83550472 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Camelot.yar#L178-L196" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Camelot.yar#L178-L196" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d2d8421ffdcebb7fed00edcf306ec5e86fc30ad3e87d55e85b05bea5dc1f7d63" logic_hash = "f62d4a2a7dfb312b2e362844bfa29bd4453a05f31b4f72550ef29ff40ed6fb9d" score = 75 
@@ -70914,8 +71430,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_8799D8D6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Camelot.yar#L198-L216" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Camelot.yar#L198-L216" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4a6d98eae8951e5b9e0a226f1197732d6d14ed45c1b1534d3cdb4413261eb352" logic_hash = "4bcd7931aeed09069d5dd248a66f119a2bdf628e03b9abed9ee2de59a149c2bc" score = 75 @@ -70943,8 +71459,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_0F7C5375 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Camelot.yar#L218-L236" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Camelot.yar#L218-L236" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e75be5377ad65abdc69e6c7f9fe17429a98188a217d0ca3a6f40e75c4f0c07e8" logic_hash = "05f4b16a7e4c7ffbc6b8a2f60050a4ac1d05d9efbe948e2da689055f6383cf82" score = 75 
@@ -70972,8 +71488,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_87639Dbd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Camelot.yar#L238-L256" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Camelot.yar#L238-L256" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d2d8421ffdcebb7fed00edcf306ec5e86fc30ad3e87d55e85b05bea5dc1f7d63" logic_hash = "b81af8c9baee999b91e63f97d5a46451d9960487b25b04079df5539f857be466" score = 75 @@ -71001,8 +71517,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_Cdd631C1 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Camelot.yar#L258-L276" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Camelot.yar#L258-L276" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "91549c171ae7f43c1a85a303be30169932a071b5c2b6cf3f4913f20073c97897" logic_hash = "5e4b26a74fc3737c068917c7c1228048f885ac30fc326a2844611f7e707d1300" score = 75 
@@ -71030,8 +71546,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_209B02Dd : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Camelot.yar#L278-L296" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Camelot.yar#L278-L296" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "60d33d1fdabc6b10f7bb304f4937051a53d63f39613853836e6c4d095343092e" logic_hash = "5cadc955242d4b7d5fd4365a0b425051d89c905e3d49ea03967150de0020225c" score = 75 @@ -71059,8 +71575,8 @@ rule ELASTIC_Windows_Vulndriver_Elrawdisk_F9Fd1A80 : FILE date = "2022-10-07" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_ElRawDisk.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_ElRawDisk.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ed4f2b3db9a79535228af253959a0749b93291ad8b1058c7a41644b73035931b" logic_hash = "43f9f1f6ad6c1defe2f0d6dd0cd380bea1a8ead19bc0bf203bdfe4f83b9c284d" score = 75 
@@ -71088,8 +71604,8 @@ rule ELASTIC_Linux_Exploit_Pulse_2Bea17E8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Pulse.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Pulse.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c29cb4c2d83127cf4731573a7fac531f90f27799857f5e250b9f71362108f559"
 logic_hash = "bc71efa6cc79171666d89fe3e755411ee8032f56ae5bd73e0de440eee5b718ab"
 score = 75
@@ -71117,8 +71633,8 @@ rule ELASTIC_Linux_Exploit_Pulse_246E6F31 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Pulse.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Pulse.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c29cb4c2d83127cf4731573a7fac531f90f27799857f5e250b9f71362108f559"
 logic_hash = "f6755f10863b78303899cefcd81f609884fbbf2dffabd9219686ed869f2cc7e3"
 score = 75
@@ -71146,8 +71662,8 @@ rule ELASTIC_Linux_Exploit_Abrox_5641Ba81 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Abrox.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Abrox.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "8de96c8e61536cae870f4a24127d28b86bd8122428bf13965c596f92182625aa"
 logic_hash = "29c894720c8d9134623427768ab1ab3d5e66fbeae86dd957f449d00091db9019"
 score = 75
@@ -71175,8 +71691,8 @@ rule ELASTIC_Windows_Trojan_Njrat_30F3C220 : FILE MEMORY
 date = "2021-06-13"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Njrat.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Njrat.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b"
 logic_hash = "76347165829415646f943bb984cd17ca138cf238d03f114c498dbcec081d5ae3"
 score = 75
@@ -71209,8 +71725,8 @@ rule ELASTIC_Windows_Trojan_Njrat_Eb2698D2 : FILE MEMORY
 date = "2023-05-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Njrat.yar#L26-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Njrat.yar#L26-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "d537397bc41f0a1cb964fa7be6658add5fe58d929ac91500fc7770c116d49608"
 logic_hash = "c32a641f2d639f56a8137b3e0d0be3261fba30084eeba9d1205974713413af9f"
 score = 75
@@ -71238,8 +71754,8 @@ rule ELASTIC_Windows_Vulndriver_Toshibabios_2891972A : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_ToshibaBios.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_ToshibaBios.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "314384b40626800b1cde6fbc51ebc7d13e91398be2688c2a58354aa08d00b073"
 logic_hash = "c253181a754f421ee36ced994412672770497756848d78d557907957486e711b"
 score = 75
@@ -71269,8 +71785,8 @@ rule ELASTIC_Windows_Hacktool_Sharpdump_7C17D8B1 : FILE MEMORY
 date = "2022-10-20"
 modified = "2022-11-24"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_SharpDump.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_SharpDump.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "14c3ea569a1bd9ac3aced4f8dd58314532dbf974bfa359979e6c7b6a4bbf41ca"
 logic_hash = "10ca29b097d9f1cef27349751e8f1e584ead1056a636224a80f00823ca878c13"
 score = 75
@@ -71302,8 +71818,8 @@ rule ELASTIC_Linux_Trojan_Meterpreter_A82F5D21 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Meterpreter.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Meterpreter.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "d76886222de7292e8a76717f6d49452f52aaffb957bb0326bcfc7a35c3fdfc6a"
 score = 75
 quality = 75
@@ -71330,8 +71846,8 @@ rule ELASTIC_Linux_Trojan_Meterpreter_383C6708 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Meterpreter.yar#L20-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Meterpreter.yar#L20-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "d9d607f0bbc101f7f6dc0f16328bdd8f6ddb8ae83107b7eee34e1cc02072cb15"
 logic_hash = "b0fd479722ab0808a4709cbacbb874282c48a425f4dbdaec9f74bc7f839c82e4"
 score = 75
@@ -71359,8 +71875,8 @@ rule ELASTIC_Linux_Trojan_Meterpreter_621054Fe : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Meterpreter.yar#L40-L57"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Meterpreter.yar#L40-L57"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "18f22bb0aa66ec2ecdaa9ca0e0d00ee59a2c9a3f231bd71915140e4464a4ea78"
 score = 75
 quality = 75
@@ -71387,8 +71903,8 @@ rule ELASTIC_Linux_Trojan_Meterpreter_1Bda891E : FILE MEMORY
 date = "2021-12-13"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Meterpreter.yar#L59-L76"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Meterpreter.yar#L59-L76"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "74e7547472117de20159f5b158cee0ccacc02a9aba5e5ad64a52c552c966d539"
 score = 75
 quality = 75
@@ -71415,8 +71931,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_70C153B5 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrminer.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrminer.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "55b133ba805bb691dc27a5d16d3473650360c988e48af8adc017377eed07935b"
 logic_hash = "e2fc0721435c656a16e59b6747563df17f0f54a4620efc403a3bba717ccb0f38"
 score = 75
@@ -71444,8 +71960,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_98B00F9C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrminer.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrminer.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c01b88c5d3df7ce828e567bd8d639b135c48106e388cd81497fcbd5dcf30f332"
 logic_hash = "cf8c5deddf22e7699cd880bd3f9f28721db5ece6705be4f932e1d041893eef71"
 score = 75
@@ -71473,8 +71989,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_2B250178 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrminer.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrminer.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "636605cf63d3e335fe9481d4d110c43572e9ab365edfa2b6d16d96b52d6283ef"
 logic_hash = "067705c52de710372b4a2a3b77427106068ad2d9a8e56602e315d09e7b8b6206"
 score = 75
@@ -71502,8 +72018,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_67Bf4B54 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrminer.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrminer.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "9d33fba4fda6831d22afc72bf3d6d5349c5393abb3823dfa2a5c9e391d2b9ddf"
 logic_hash = "448f5b9dc3c17984464c15f6d542f495a52b0531acc362dedfe3d1a20b932969"
 score = 75
@@ -71531,8 +72047,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_504B42Ca : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrminer.yar#L81-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrminer.yar#L81-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "dd3ed5350e0229ac714178a30de28893c30708734faec329c776e189493cf930"
 score = 75
 quality = 75
@@ -71559,8 +72075,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_D1Bb752F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrminer.yar#L100-L118"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrminer.yar#L100-L118"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "bea55bc9495ee51c78ceedadf3a685ea9d6dd428170888c67276c100d4d94beb"
 logic_hash = "47aa5516350d5c00d1387649df46ce8f09d87bdfafeaa4cbf1c3ef5f2e0b9023"
 score = 75
@@ -71588,8 +72104,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_D625Fcd2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrminer.yar#L120-L137"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrminer.yar#L120-L137"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "b95b66392e1a07e0b6acd718a9501cede76e57561e69701e9e881bd3fbd3fe39"
 score = 75
 quality = 75
@@ -71616,8 +72132,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_02D19C01 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrminer.yar#L139-L157"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrminer.yar#L139-L157"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b6df662f5f7566851b95884c0058e7476e49aeb7a96d2aa203393d88e584972f"
 logic_hash = "43a1dc49bf75cd13637c37290d47b4d6fc1b2c2ac252b64725c0c64e1dd745c6"
 score = 75
@@ -71645,8 +72161,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_2Dd045Fc : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrminer.yar#L159-L177"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrminer.yar#L159-L177"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "30a77ab582f0558829a78960929f657a7c3c03c2cf89cd5a0f6934b79a74b7a4"
 logic_hash = "fa23ca75027f7a5e73652173c9e84112a0b5cd3008fc453fdb33c980dc7b7b24"
 score = 75
@@ -71674,8 +72190,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_D1A814B0 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrminer.yar#L179-L197"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrminer.yar#L179-L197"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "bea55bc9495ee51c78ceedadf3a685ea9d6dd428170888c67276c100d4d94beb"
 logic_hash = "a06f5d5be87153be1253c2e20a60fa36701a745813926be03ee466ce8e2285b0"
 score = 75
@@ -71703,8 +72219,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_C6218E30 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrminer.yar#L199-L217"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrminer.yar#L199-L217"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b43ddd8e355b0c538c123c43832e7c8c557e4aee9e914baaed0866ee5d68ee55"
 logic_hash = "3efbc3cb1591a9340df10640b411a9ab4c41e0aa26c1677d9def8b82e4c246f4"
 score = 75
@@ -71732,8 +72248,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_B17A7888 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrminer.yar#L219-L237"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrminer.yar#L219-L237"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "65c9fdd7c559554af06cd394dcebece1bc0fdc7dd861929a35c74547376324a6"
 logic_hash = "a7f6daa5c42d186d2c5a027fdb35b45287c3564a7b57b8a2f53659e6ca90602a"
 score = 75
@@ -71761,8 +72277,8 @@ rule ELASTIC_Linux_Exploit_Ramen_01B205Eb : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Ramen.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Ramen.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c0b6303300f38013840abe17abe192db6a99ace78c83bc7ef705f5c568bc98fd"
 logic_hash = "e477e93434db9e650f159995f2cb754394f3187dc341d2ea4c2466924e19a8a6"
 score = 75
@@ -71790,8 +72306,8 @@ rule ELASTIC_Windows_Trojan_Darkvnc_Bd803C2E : FILE MEMORY
 date = "2023-01-23"
 modified = "2023-02-01"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_DarkVNC.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_DarkVNC.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "0fcc1b02fdaf211c772bd4fa1abcdeb5338d95911c226a9250200ff7f8e45601"
 logic_hash = "d9e8a42a424d6a186939682e1cd2ed794c8a3765824188e863b1b2829650e2d5"
 score = 75
@@ -71823,8 +72339,8 @@ rule ELASTIC_Linux_Hacktool_Lightning_D9A9173A : FILE MEMORY
 date = "2022-11-08"
 modified = "2024-02-13"
 reference = "https://www.intezer.com/blog/research/lightning-framework-new-linux-threat/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Lightning.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Lightning.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "48f9471c20316b295704e6f8feb2196dd619799edec5835734fc24051f45c5b7"
 logic_hash = "93961d9771aa4e828e15923064a848291c7814ad4e15e30cd252fc41523d789e"
 score = 75
@@ -71855,8 +72371,8 @@ rule ELASTIC_Linux_Hacktool_Lightning_E87C9D50 : FILE MEMORY
 date = "2022-11-08"
 modified = "2024-02-13"
 reference = "https://www.intezer.com/blog/research/lightning-framework-new-linux-threat/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Lightning.yar#L25-L48"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Lightning.yar#L25-L48"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "fd285c2fb4d42dde23590118dba016bf5b846625da3abdbe48773530a07bcd1e"
 logic_hash = "455ecf97e7becaf9c40843f8a3f60ec233d35e0061c6994f168428a8835c1b20"
 score = 75
@@ -71888,8 +72404,8 @@ rule ELASTIC_Linux_Hacktool_Lightning_3Bcac358 : FILE MEMORY
 date = "2022-11-08"
 modified = "2024-02-13"
 reference = "https://www.intezer.com/blog/research/lightning-framework-new-linux-threat/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Lightning.yar#L50-L72"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Lightning.yar#L50-L72"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "ad16989a3ebf0b416681f8db31af098e02eabd25452f8d781383547ead395237"
 logic_hash = "f260372b9f2ea32f93ff7a30dc8239766e713a1e177a483444b14538741c24af"
 score = 75
@@ -71920,8 +72436,8 @@ rule ELASTIC_Windows_Trojan_Sliver_46525B49 : FILE MEMORY
 date = "2023-05-09"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Sliver.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Sliver.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "ecce5071c28940a1098aca3124b3f82e0630c4453f4f32e1b91576aac357ac9c"
 logic_hash = "6e61d82b191a740882bcfeac2f2cf337e19ace7b05784ff041b6af2f79ed8809"
 score = 75
@@ -71950,8 +72466,8 @@ rule ELASTIC_Windows_Trojan_Sliver_C9Cae357 : FILE MEMORY
 date = "2023-05-10"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Sliver.yar#L22-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Sliver.yar#L22-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "27210d8d6e16c492c2ee61a59d39c461312f5563221ad4a0917d4e93b699418e"
 logic_hash = "fea862352981787055961b1171de9b69a9c13d246f434809c8f4416d5c49a0ff"
 score = 75
@@ -71979,8 +72495,8 @@ rule ELASTIC_Windows_Trojan_Sliver_1Dd6D9C2 : FILE MEMORY
 date = "2023-05-10"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Sliver.yar#L42-L61"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Sliver.yar#L42-L61"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "dc508a3e9ea093200acfc1ceebebb2b56686f4764fd8c94ab8c58eec7ee85c8b"
 logic_hash = "5ef70322a6ee3dec609d2881b7624d25bc0297a2e6f43ac60834745e6a258cf3"
 score = 75
@@ -72009,8 +72525,8 @@ rule ELASTIC_Windows_Vulndriver_Winio_C9Cc6D00 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_WinIo.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_WinIo.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "e1980c6592e6d2d92c1a65acad8f1071b6a404097bb6fcce494f3c8ac31385cf"
 logic_hash = "4b6a78c2c807cf1f569ae9bc275d42d9c895efba7a2d64fec0652e3cb163d553"
 score = 75
@@ -72038,8 +72554,8 @@ rule ELASTIC_Windows_Vulndriver_Winio_B0F21A70 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_WinIo.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_WinIo.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "9fc29480407e5179aa8ea41682409b4ea33f1a42026277613d6484e5419de374"
 logic_hash = "c82d95e805898f9a9a1ffccb483e506df0a53dc420068314e7c724e4947f3572"
 score = 75
@@ -72067,8 +72583,8 @@ rule ELASTIC_Linux_Ransomware_Quantum_8513Fb8B : FILE MEMORY
 date = "2023-07-28"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_Quantum.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_Quantum.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "3bcb9ad92fdca53195f390fc4d8d721b504b38deeda25c1189a909a7011406c9"
 logic_hash = "7e24be541bafc2427ecd8f76b7774fb65d7421bc300503eeb068b8104e168c70"
 score = 75
@@ -72097,8 +72613,8 @@ rule ELASTIC_Windows_Trojan_Lobshot_013C1B0B : FILE MEMORY
 date = "2023-04-18"
 modified = "2023-04-23"
 reference = "https://www.elastic.co/security-labs/elastic-security-labs-discovers-lobshot-malware"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Lobshot.yar#L1-L30"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Lobshot.yar#L1-L30"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "e4ea88887753a936eaf3361dcc00380b88b0c210dcbde24f8f7ce27991856bf6"
 logic_hash = "e1fb245c3441c9bd393a47a9bed01bf7f62aa3ec36d460584d75e326e7e92ad4"
 score = 75
@@ -72136,8 +72652,8 @@ rule ELASTIC_Linux_Ransomware_Conti_53A640F4 : FILE MEMORY
 date = "2022-09-22"
 modified = "2022-10-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_Conti.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_Conti.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "8b57e96e90cd95fc2ba421204b482005fe41c28f506730b6148bcef8316a3201"
 logic_hash = "b83a47664d8acce7de17ac5972d9fd5e708c8cd3d8ebedc2bacf1397fd25f5d3"
 score = 75
@@ -72165,8 +72681,8 @@ rule ELASTIC_Linux_Ransomware_Conti_A89C26Cf : FILE MEMORY date = "2023-07-30" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_Conti.yar#L21-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_Conti.yar#L21-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "95776f31cbcac08eb3f3e9235d07513a6d7a6bf9f1b7f3d400b2cf0afdb088a7" logic_hash = "301f3f3ece06a1cd6788db6e3003497b27470780eaaad95f40ed926e7623793e" score = 75 @@ -72197,8 +72713,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_C851687A : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L1-L37" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L1-L37" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "7fac6fb24ac18bd69dd9f8f4090c4a77d1cc6554b6ae5c846e32d7666e5a1971" score = 75 quality = 25 
@@ -72244,8 +72760,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_0B58325E : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L39-L77" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L39-L77" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "3822431e946fcc38c700cc8ce213e95f33a155d7f38b6ab2a24cb998d42c8521" score = 75 quality = 73 @@ -72293,8 +72809,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_2B8Cddf8 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L79-L114" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L79-L114" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "5502c06d33b93bae3bc25ba7dd6a5a9a3b0b2b43bb7e867e601ecb206bf503ed" score = 75 quality = 43 
@@ -72339,8 +72855,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_59B44767 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L116-L142" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L116-L142" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "7027d0dcbdb1961d2604f29392a923957d298a047c268553599ea8c881f76a98" score = 75 quality = 69 @@ -72376,8 +72892,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_7Efd3C3F : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L144-L168" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L144-L168" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "45a0aaba6c1be016fc5f4051680ee7e3aa62e8a5d9730b7adab08c14ae37da24" score = 75 quality = 75 
@@ -72411,8 +72927,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_6E971281 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L170-L201" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L170-L201" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "f204965c0118dbdfe7e134d319c92b30d22585e888609ff31df90643116a2c38" score = 75 quality = 51 @@ -72453,8 +72969,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_09B79Efa : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L203-L232" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L203-L232" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "75fd003b9adf03aff8479b1b10da9c94955870b5fa4f1958f870e14acb2793c7" score = 75 quality = 48 
@@ -72493,8 +73009,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_6E77233E : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L234-L269" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L234-L269" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "93aa11523b794402b257d02d4f9edc5ad320bfdb5b8b0f671ff08f399ef9e674" score = 75 quality = 63 @@ -72539,8 +73055,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_De42495A : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L271-L301" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L271-L301" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "2a13c73d221d80d25a432f9e0a1387153a78f58719066586e9d80d17613293ef" score = 75 quality = 75 
@@ -72580,8 +73096,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_72F68375 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L303-L328" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L303-L328" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "912e37829a9f99e00326745343c9e4593cd7cfb8d4dfafc66027cddcb4d883be" score = 75 quality = 63 @@ -72616,8 +73132,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_15F680Fb : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L330-L360" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L330-L360" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "0efe368ad82f5b0f6301121bfda9fd049b008ac246368bfa22bd976fa2c56b79" score = 75 quality = 75 
@@ -72657,8 +73173,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_5B4383Ec : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L362-L392" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L362-L392" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "033bd831209958674f6309739d65c58d05acb9d17e53cede1cf171c6d6e84efa" score = 75 quality = 75 @@ -72698,8 +73214,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_91E08059 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L394-L421" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L394-L421" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "d5a8c1a0baa5e915cff29bcac33e30a7d7260f938ecaa6171d3aa88425a69266" score = 75 quality = 75 
@@ -72736,8 +73252,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_Ee756Db7 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L423-L491" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L423-L491" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "8d594aa1b889e80000cfcedbfc470a1b768bdcc2a9c436cd449b495c91011918" score = 75 quality = 50 @@ -72815,8 +73331,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_9C0D5561 : FILE MEMORY date = "2021-03-23" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L493-L523" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L493-L523" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "a8929266950e0f540a68c4fedf708e8ddc27f208f9f2866245ad7bb7f6d87913" score = 75 quality = 75 
@@ -72856,8 +73372,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_59Ed9124 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L525-L560" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L525-L560" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "a50fd291f5f1bf7ec41b1938a32473a23c3c082018b86eab87aff0d95b26ba06" score = 75 quality = 43 @@ -72902,8 +73418,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_8A791Eb7 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L562-L597" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L562-L597" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "d1765e6cac9b1560d6484baa1fa5a1bc0b768a72b389c7c6a60e34115669933e" score = 75 quality = 43 
@@ -72948,8 +73464,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_D00573A3 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L599-L625" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L599-L625" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "e458d41d28b76c989af6385f183f33aa9e11b93e529f032e95bd75433b80bd69" score = 75 quality = 75 @@ -72985,8 +73501,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_7Bcd759C : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L627-L648" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L627-L648" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "bfbb8e8009182e87c49242ec3da6e98b23447b646f5c7ea5f97196ae929d7c5f" score = 75 quality = 75 
@@ -73017,8 +73533,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_A56B820F : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L650-L685" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L650-L685" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "52de8110727c29b0f5c75cd470ce6b80ba7821d0ba78ad074536323e2e80b460" score = 75 quality = 43 @@ -73063,8 +73579,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_92F05172 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L687-L716" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L687-L716" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "7f0ff4ee14a043d72810826ab9d2b90b0f66724550ba9d3cdd2abe749f4874d0" score = 75 quality = 63 
@@ -73103,8 +73619,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_417239B5 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L718-L764" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L718-L764" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "fda252747359e677459d82d65c4c9c8f2ff80bc8fd6a38712f858039f3cb8dd1" score = 75 quality = 51 @@ -73160,8 +73676,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_29374056 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L766-L785" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L766-L785" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "09755b23a7057c70f3ea242ec48549de65ebc6f13bdc38cbe22d6d758c3718cf" score = 75 quality = 75 
@@ -73190,8 +73706,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_949F10E3 : FILE MEMORY date = "2021-03-25" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L787-L806" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L787-L806" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "e4b726c83013f4b9c9d61683f78a4a91935225e9ed3de0ce164b96b5a6719579" score = 75 quality = 75 @@ -73220,8 +73736,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_8751Cdf9 : FILE MEMORY date = "2021-03-25" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L808-L827" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L808-L827" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "64fae95fd89ad46a50a00c943cf98a997a0842a83be64b3728b25151867b75a8" score = 75 quality = 75 
@@ -73250,8 +73766,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_663Fc95D : FILE MEMORY date = "2021-04-01" modified = "2021-12-17" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L829-L847" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L829-L847" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "842a0a372cfb2316293f4a08e1690194fa98368a9f6ffe9c63222b2c4ab6532c" score = 75 quality = 75 @@ -73279,8 +73795,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_B54B94Ac : FILE MEMORY date = "2021-10-21" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L849-L872" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L849-L872" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a" logic_hash = "6f63e4c31e55da2008f95e9d05391e40d44e2757c511e666032563ab798e274c" score = 75 
@@ -73313,8 +73829,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_F0B627Fc : FILE MEMORY date = "2021-10-21" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L874-L897" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L874-L897" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b" logic_hash = "1087294af3a9ef59c00098f5fd7adfe0b335525e135d95e45ac30e44c6739a72" score = 75 @@ -73347,8 +73863,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_Dcdcdd8C : FILE MEMORY date = "2021-10-21" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L899-L923" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L899-L923" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a" logic_hash = "f3ae07282b763d3720e45a84878cc457f65041f381951cdc9affd5e3ce67e6cc" score = 75 
@@ -73382,8 +73898,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_A3Fb2616 : FILE MEMORY date = "2021-10-21" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L925-L947" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L925-L947" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a" logic_hash = "a3c36326ccc2bc828f6654ccaba507a283f92146fdc52f71d7d934f6908793e2" score = 75 @@ -73415,8 +73931,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_8Ee55Ee5 : FILE MEMORY date = "2021-10-21" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L949-L969" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L949-L969" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a" logic_hash = "d0cc321e15660311ae0b8e3261abe716a50a2455f82635c1b02d0a5444c8a89a" score = 75 
@@ -73446,8 +73962,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_8D5963A2 : FILE MEMORY date = "2022-08-10" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L971-L989" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L971-L989" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9fe43996a5c4e99aff6e2a1be743fedec35e96d1e6670579beb4f7e7ad591af9" logic_hash = "f4f8fba807256bd885ccf4946eec8c2fb76eb04f86ed76d015178fe512a3c091" score = 75 @@ -73475,8 +73991,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_1787Eef5 : FILE MEMORY date = "2022-08-29" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L991-L1014" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L991-L1014" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a" logic_hash = "0b70c61e986dee3126fec6eea127e01fce4b647aff8e2d2d5072eb8328549225" score = 75 
@@ -73509,8 +74025,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_4106070A : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L1016-L1035" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L1016-L1035" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "98789a11c06c1dfff7e02f66146afca597233c17e0d4900d6a683a150f16b3a4" logic_hash = "90f0209a55ca381ca58264664e04c007c799cf558f143d0c02983d4caf47bfb8" score = 75 @@ -73539,8 +74055,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_3Dc22D14 : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L1037-L1056" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L1037-L1056" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "7898194ae0244611117ec948eb0b0a5acbc15cd1419b1ecc553404e63bc519f9" logic_hash = "2f52cd5f3b782c28e372c3daa9b7ddc4d2b9f68832f5250983412c2e7a755e73" score = 75 
@@ -73569,8 +74085,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_7F8Da98A : FILE MEMORY
 date = "2023-05-09"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CobaltStrike.yar#L1058-L1076"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CobaltStrike.yar#L1058-L1076"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "e3bc2bec4a55ad6cfdf49e5dbd4657fc704af1758ca1d6e31b83dcfb8bf0f89d"
 logic_hash = "6c8698d65cbbf893f79ca1de5273535891418c87c234a2542f5f8079e56d9507"
 score = 75
@@ -73598,8 +74114,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_97F92Ff7 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Sshdoor.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Sshdoor.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "2e1d909e4a6ba843194f9912826728bd2639b0f34ee512e0c3c9e5ce4d27828e"
 logic_hash = "a883c790fd7fdeb0ca6de5fcf4dd69a996b6d85db3179a8a28adbbbc1dc01bc6"
 score = 75
@@ -73627,8 +74143,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_5B78Aa01 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Sshdoor.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Sshdoor.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "2e1d909e4a6ba843194f9912826728bd2639b0f34ee512e0c3c9e5ce4d27828e"
 logic_hash = "bcf285ac220b2b2ed9caf0943fa22ee830e5b26501c54a223e483a33e2fc63c0"
 score = 75
@@ -73656,8 +74172,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_1B443A9B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Sshdoor.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Sshdoor.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "a33112daa5a7d31ea1a1ca9b910475843b7d8c84d4658ccc00bafee044382709"
 logic_hash = "4afcd7103a14d59abc08d9e03182a985e3d0250c09aad5e81fd110c6a95f29e0"
 score = 75
@@ -73685,8 +74201,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_7C36D3Dd : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Sshdoor.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Sshdoor.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "def4de838d58c70f9f0ae026cdad3bf09b711a55af97ed20804fa1e34e7b59e9"
 logic_hash = "c1b61fce7593a44e47043fac8a6356f9aa9e74b66db005400684a5a79b69a5cd"
 score = 75
@@ -73714,8 +74230,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_3E81B1B7 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Sshdoor.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Sshdoor.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "def4de838d58c70f9f0ae026cdad3bf09b711a55af97ed20804fa1e34e7b59e9"
 logic_hash = "54253df560e6552a728dc2651c557bc23ae8ec4847760290701438821c52342e"
 score = 75
@@ -73743,8 +74259,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_Cde7Cfd4 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Sshdoor.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Sshdoor.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "cd646a1d59c99b9e038098b91cdb63c3fe9b35bb10583bef0ab07260dbd4d23d"
 logic_hash = "47967d90a6dbb4461e22998aff5b7e68b4b9007ea7e5e30574ae1f1cfcbaa573"
 score = 75
@@ -73772,8 +74288,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_32D9Fb1B : FILE MEMORY
 date = "2022-09-12"
 modified = "2022-10-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Sshdoor.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Sshdoor.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "ee1f6dbea40d198e437e8c2ae81193472c89e41d1998bee071867dab1ce16b90"
 logic_hash = "35ef4f3970484a46d705e6976a9932639d576717454b8e07ed24a72114d9c42d"
 score = 75
@@ -73801,8 +74317,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_7C3Cfc62 : FILE MEMORY
 date = "2022-09-12"
 modified = "2022-10-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Sshdoor.yar#L141-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Sshdoor.yar#L141-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "ee1f6dbea40d198e437e8c2ae81193472c89e41d1998bee071867dab1ce16b90"
 logic_hash = "da9804489f30b575d2b459f82570f5df07c1777f105cd373c4268f8a31fa4e43"
 score = 75
@@ -73830,8 +74346,8 @@ rule ELASTIC_Windows_Hacktool_Askcreds_34E3E3D4 : FILE MEMORY
 date = "2023-05-16"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_AskCreds.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_AskCreds.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "d911566ca546a8546928cd0ffa838fd344b35f75a4a7e80789d20e52c7cd38d0"
 score = 75
 quality = 75
@@ -73860,8 +74376,8 @@ rule ELASTIC_Windows_PUP_Generic_198B73Aa : FILE MEMORY
 date = "2023-07-27"
 modified = "2023-09-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_PUP_Generic.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_PUP_Generic.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "a584c34b9dfc2d78bf8a1e594a2ed519d20088184ce1df09e679b2400aa396d3"
 score = 75
 quality = 75
@@ -73890,8 +74406,8 @@ rule ELASTIC_Linux_Trojan_Xhide_7F0A131B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xhide.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xhide.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "0dc35f1a1fe1c59e454cd5645f3a6220b7d85661437253a3e627eed04eca2560"
 logic_hash = "4843042576d1f4f37b5a7cda1b261831030d9145c49b57e9b4c66e2658cc8cf9"
 score = 75
@@ -73919,8 +74435,8 @@ rule ELASTIC_Linux_Trojan_Xhide_Cd8489F7 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xhide.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xhide.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "0dc35f1a1fe1c59e454cd5645f3a6220b7d85661437253a3e627eed04eca2560"
 logic_hash = "34924260c811f1796ae37faec922bc21bb312ebb0672042d3ec27855f63ed61e"
 score = 75
@@ -73948,8 +74464,8 @@ rule ELASTIC_Linux_Trojan_Xhide_840B27C7 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xhide.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xhide.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "0dc35f1a1fe1c59e454cd5645f3a6220b7d85661437253a3e627eed04eca2560"
 logic_hash = "6b0bfe69558399af6e0469a31741dcf2eb91fbe3e130267139240d3458eb8a0d"
 score = 75
@@ -73977,8 +74493,8 @@ rule ELASTIC_Windows_Hacktool_Dinvokerust_512D3B59 : FILE MEMORY
 date = "2024-02-28"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_DinvokeRust.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_DinvokeRust.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "ebf0f1bfd166d2d49b642fa43cb0c7364c0c605d9a7f108dc49d9f1cc859ab4a"
 logic_hash = "7be1a4e25cf41e47ab135c718b7ec5a49a2890cf873c52597f8dab4d47636ed8"
 score = 75
@@ -74011,8 +74527,8 @@ rule ELASTIC_Windows_Trojan_Arkeistealer_84C7086A : FILE MEMORY
 date = "2022-02-17"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_ArkeiStealer.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_ArkeiStealer.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "708d9fb40f49192d4bf6eff62e0140c920a7eca01b9f78aeaf558bef0115dbe2"
 logic_hash = "b7129094389f789f0b43f0da54645c24a6d1149f53d6536c14714e3ff44f935b"
 score = 75
@@ -74040,8 +74556,8 @@ rule ELASTIC_Linux_Worm_Generic_920D273F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Worm_Generic.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Worm_Generic.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "04a65bc73fab91f654d448b2d7f8f15ac782965dcdeec586e20b5c7a8cc42d73"
 logic_hash = "d0ed260857ae3002483ea7ef242b82514caaa95c2700b39dd0a03d39fdde090d"
 score = 75
@@ -74069,8 +74585,8 @@ rule ELASTIC_Linux_Worm_Generic_98Efcd38 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Worm_Generic.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Worm_Generic.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "87507f5cd73fffdb264d76db9b75f30fe21cc113bcf82c524c5386b5a380d4bb"
 logic_hash = "c1a130d2ef8d09cb28adc4e347cbd1a083c78241752ecf3f935b03d774d00a81"
 score = 60
@@ -74098,8 +74614,8 @@ rule ELASTIC_Linux_Worm_Generic_Bd64472E : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Worm_Generic.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Worm_Generic.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b3334a3b61b1a3fc14763dc3d590100ed5e85a97493c89b499b02b76f7a0a7d0"
 logic_hash = "9a7267a0ebc1073d0b1f81a61b963642cc816b563b43ff4d9508dd8bc195a0e1"
 score = 75
@@ -74127,8 +74643,8 @@ rule ELASTIC_Linux_Worm_Generic_3Ff8F75B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Worm_Generic.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Worm_Generic.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "991175a96b719982f3a846df4a66161a02225c21b12a879e233e19124e90bd35"
 logic_hash = "798e98f286201f1cda18bf1bf433826cf8a949b584f016b24a684425069d1024"
 score = 75
@@ -74156,8 +74672,8 @@ rule ELASTIC_Windows_Trojan_Doubleback_D2246A35 : FILE MEMORY
 date = "2022-05-29"
 modified = "2022-07-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_DoubleBack.yar#L1-L31"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_DoubleBack.yar#L1-L31"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "03d2a0747d06458ccddf65ff5847a511a105e0ad4dcb5134082623af6f705012"
 logic_hash = "2241d2c6e5b5896fe6f3b02cb1786c39fa620ee503c4585bd75c8763b6d3c06a"
 score = 75
@@ -74197,8 +74713,8 @@ rule ELASTIC_Windows_Trojan_Powerseal_D63F5E54 : FILE MEMORY
 date = "2023-03-16"
 modified = "2023-05-26"
 reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_PowerSeal.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_PowerSeal.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "523dcff68a51ea8fb022066b5f09394e8174d6c157222a08100de30669898057"
 score = 75
 quality = 75
@@ -74228,8 +74744,8 @@ rule ELASTIC_Windows_Trojan_Powerseal_2E50F393 : FILE MEMORY
 date = "2023-05-10"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_PowerSeal.yar#L24-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_PowerSeal.yar#L24-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "3ca1d4568fea7b2e4e9d30ba03662a2c28ee8623d887a0336e27989b5c98b55f"
 score = 75
 quality = 75
@@ -74258,8 +74774,8 @@ rule ELASTIC_Macos_Hacktool_Jokerspy_58A6B26D : FILE MEMORY
 date = "2023-06-19"
 modified = "2023-06-19"
 reference = "https://www.elastic.co/security-labs/inital-research-of-jokerspy"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Macos_Hacktool_JokerSpy.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Macos_Hacktool_JokerSpy.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "d895075057e491b34b0f8c0392b44e43ade425d19eaaacea6ef8c5c9bd3487d8"
 logic_hash = "e9e1333c7172d5a0f06093a902edefd7f128963dbaadf77e829f032ccb04ce56"
 score = 75
@@ -74292,8 +74808,8 @@ rule ELASTIC_Macos_Creddump_Keychainaccess_535C1511 : FILE MEMORY
 date = "2023-04-11"
 modified = "2024-01-30"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Creddump_KeychainAccess.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Creddump_KeychainAccess.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "5234dcab6c9ca994c3d40243d882bd50e51fd77bba107e37ef494a04f6bf6112"
 score = 75
 quality = 49
@@ -74327,8 +74843,8 @@ rule ELASTIC_Windows_Hacktool_Processhacker_3D01069E : FILE
 date = "2022-03-30"
 modified = "2022-03-30"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_ProcessHacker.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_ProcessHacker.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4"
 logic_hash = "bcba74aa20b62329c48060bfebaf49ab12f89f9ec3a09fc0c0cb702de5e2b940"
 score = 75
@@ -74356,8 +74872,8 @@ rule ELASTIC_Windows_Exploit_Ioring_1E4A8F47 : FILE MEMORY
 date = "2024-02-28"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Exploit_IoRing.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Exploit_IoRing.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "ba2bd270bf3f312dfa3f77f0716edb634c90506c87f82c04aee09445d18738eb"
 logic_hash = "cbbea9a60bde13356ce88cd96aacaa02a3c99f4ae0b48c4ba84b72528a3d6b91"
 score = 75
@@ -74388,8 +74904,8 @@ rule ELASTIC_Linux_Trojan_Sshdkit_18A0B82A : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Sshdkit.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Sshdkit.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "003245047359e17706e4504f8988905a219fcb48865afea934e6aafa7f97cef6"
 logic_hash = "4b7a78ebf3c114809148cc9855379b2e63c959966272ad45759838d570b42016"
 score = 75
@@ -74417,8 +74933,8 @@ rule ELASTIC_Windows_Hacktool_Seatbelt_674Fd535 : FILE MEMORY
 date = "2022-10-20"
 modified = "2022-11-24"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_Seatbelt.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_Seatbelt.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "a0e467aacd383727d46e766f1c45b424a6d46248118c155c22c538e8773b3ae7"
 logic_hash = "1bff820ec5cc9e56e7be4b290a48628115cc1ace5e41278fa76898bf39ef893e"
 score = 75
@@ -74444,6 +74960,47 @@ rule ELASTIC_Windows_Hacktool_Seatbelt_674Fd535 : FILE MEMORY
 condition:
 $guid or all of ($str*)
 }
+rule ELASTIC_Windows_Trojan_Warmcookie_7D32Fa90 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Trojan Warmcookie (Windows.Trojan.WarmCookie)"
+ author = "Elastic Security"
+ id = "7d32fa90-c6e0-4a4b-bc21-51d82c57721e"
+ date = "2024-04-29"
+ modified = "2024-05-08"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_WarmCookie.yar#L1-L31"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
+ hash = "ccde1ded028948f5cd3277d2d4af6b22fa33f53abde84ea2aa01f1872fad1d13"
+ logic_hash = "ed3be6e5c6127ef87f9ef6fe35b17815b96706e8e73a393ee9b0a8e3b0cd8f66"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "ae6c81fc7b0ba16567fefa714d043556afa44bfd698f6478c21d6e6428b14858"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $seq_checksum = { 45 8D 5D ?? 45 33 C0 41 83 E3 ?? 49 8D 4E ?? 44 03 DB 41 8D 53 ?? }
+ $seq_string_decrypt = { 8B 69 04 48 8D 79 08 8B 31 89 6C 24 ?? 48 8D 4E ??
E8 }
+ $seq_filesearch = { 48 81 EC 58 02 00 00 48 8B 05 82 0A 02 00 48 33 C4 48 89 84 24 40 02 00 00 45 33 C9 48 8D 44 24 30 45 33 C0 48 89 44 24 20 33 C9 41 8D 51 1A FF 15 83 4D 01 00 85 C0 78 22 48 8D 4C 24 30 E8 1D }
+ $seq_registry = { 48 81 EC 80 02 00 00 48 8B 05 F7 09 02 00 48 33 C4 48 89 84 24 70 02 00 00 4C 89 B4 24 98 02 00 00 48 8D 0D 4D CA 01 00 45 33 F6 41 8B FE E8 02 4F 00 00 48 8B E8 41 B9 08 01 00 00 48 8D 44 24 }
+ $plain_str1 = "release.dll" ascii fullword
+ $plain_str2 = "\"Main Invoked.\"" ascii fullword
+ $plain_str3 = "\"Main Returned.\"" ascii fullword
+ $decrypt_str1 = "ERROR: Cannot write file" wide fullword
+ $decrypt_str2 = "OK (No output data)" wide fullword
+ $decrypt_str3 = "OK (See 'Files' tab)" wide fullword
+ $decrypt_str4 = "cmd.exe /c %ls" wide fullword
+ $decrypt_str5 = "Cookie:" wide fullword
+ $decrypt_str6 = "%ls\\*.*" wide fullword
+
+ condition:
+ (3 of ($plain*)) or (2 of ($seq*)) or 4 of ($decrypt*)
+}
 rule ELASTIC_Windows_Vulndriver_Hpportio_B31E3473 : FILE
 {
 meta:
@@ -74453,8 +75010,8 @@ rule ELASTIC_Windows_Vulndriver_Hpportio_B31E3473 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_HpPortIo.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_HpPortIo.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c5050a2017490fff7aa53c73755982b339ddb0fd7cef2cde32c81bc9834331c5"
 logic_hash = "e449b45f3cf2836254614bbdc957aa7093162fc1acd672edd931d5f240503963"
 score = 75
@@ -74484,8 +75041,8 @@ rule ELASTIC_Linux_Trojan_Mumblehard_523450Aa : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mumblehard.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mumblehard.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "a637ea8f070e1edf2c9c81450e83934c177696171b24b4dff32dfb23cefa56d3"
 logic_hash = "60b4cc388975ce030e03c5c3a48adcfeec25299105206909163f20100fbf45d8"
 score = 75
@@ -74513,8 +75070,8 @@ rule ELASTIC_Windows_Ransomware_Pandora_Bca8Ce23 : FILE MEMORY
 date = "2022-03-14"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Pandora.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Pandora.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "2c940a35025dd3847f7c954a282f65e9c2312d2ada28686f9d1dc73d1c500224"
 logic_hash = "52203c1af994667ba6833defe547e886dd02167e4d76c57711080e3be0473bfc"
 score = 75
@@ -74544,8 +75101,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_1388212A : FILE MEMORY
 date = "2021-04-13"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_Mimikatz.yar#L1-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_Mimikatz.yar#L1-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "66b4a0681cae02c302a9b6f1d611ac2df8c519d6024abdb506b4b166b93f636a"
 logic_hash = "1b717453810455e3f530e399f5f9f163d1ad0d71a5464fa5c68aa82edd699cda"
 score = 75
@@ -74597,8 +75154,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_674Fd079 : FILE MEMORY
 date = "2021-04-14"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_Mimikatz.yar#L45-L77"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_Mimikatz.yar#L45-L77"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "66b4a0681cae02c302a9b6f1d611ac2df8c519d6024abdb506b4b166b93f636a"
 logic_hash = "f63f3de05dd4f4f40cda6df67b75e37d7baa82c4b4cafd3ebdca35adfb0b15f8"
 score = 75
@@ -74640,8 +75197,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_355D5D3A : FILE MEMORY date = "2021-04-14" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_Mimikatz.yar#L79-L112" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_Mimikatz.yar#L79-L112" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "945245ca795e0a3575ee4fdc174df9d377a598476c2bf4bf0cdb0cde4286af96" logic_hash = "c6b48ab2cc92deb507d7eead1fb6381ee40b698e84d9eaac45288f95dbda66b3" score = 75 @@ -74684,8 +75241,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_71Fe23D9 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_Mimikatz.yar#L114-L133" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_Mimikatz.yar#L114-L133" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "856687718b208341e7caeea2d96da10f880f9b5a75736796a1158d4c8755f678" logic_hash = "6d1e84bb8532c6271ad3966055eac8d60ec019d8ae6632efb59463c35b46ad9b" score = 75 
@@ -74714,8 +75271,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_B393864F : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_Mimikatz.yar#L135-L154" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_Mimikatz.yar#L135-L154" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8206ce9c42582ac980ff5d64f8e3e310bc2baa42d1a206dd831c6ab397fbd8fe" logic_hash = "d09cb7f753675e0b6ecd8a7977ca7f8d313e5d525f05170fc54b265c2ae6c188" score = 75 @@ -74744,8 +75301,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_1Ff74F7E : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_Mimikatz.yar#L156-L175" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_Mimikatz.yar#L156-L175" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1b6aad500d45de7b076942d31b7c3e77487643811a335ae5ce6783368a4a5081" logic_hash = "f47f760b4c373a073399c69681e76eb9dde6cfdb36c1cc31d7131376493931c0" score = 75 
@@ -74774,8 +75331,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_A1311F49 : FILE MEMORY date = "2023-10-06" modified = "2023-10-26" reference = "https://www.elastic.co/security-labs/ghostpulse-haunts-victims-using-defense-evasion-bag-o-tricks" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_GhostPulse.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_GhostPulse.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0175448655e593aa299278d5f11b81f2af76638859e104975bdb5d30af5c0c11" logic_hash = "21838f230ac1a77f09d01d30f4ea3b66313618660e63ab7012b030e0b819547e" score = 75 @@ -74804,8 +75361,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_3Fe1D02D : FILE MEMORY date = "2023-10-12" modified = "2023-10-26" reference = "https://www.elastic.co/security-labs/ghostpulse-haunts-victims-using-defense-evasion-bag-o-tricks" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_GhostPulse.yar#L23-L41" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_GhostPulse.yar#L23-L41" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "4ef78d436a153ed751a8483c1e43ec2ba053dedfa0da2780fded42012d3042c1" score = 75 quality = 75 
@@ -74832,8 +75389,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_3673D337 : FILE MEMORY date = "2023-12-11" modified = "2024-01-12" reference = "https://www.elastic.co/security-labs/ghostpulse-haunts-victims-using-defense-evasion-bag-o-tricks" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_GhostPulse.yar#L43-L63" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_GhostPulse.yar#L43-L63" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3013ba32838f6d97d7d75e25394f9611b1c5def94d93588f0a05c90b25b7d6d5" logic_hash = "a92815f27533338e17afd5ebdbe82e382636fb81167a82d1b613c0dccc5b7ed3" score = 75 @@ -74862,8 +75419,8 @@ rule ELASTIC_Macos_Backdoor_Applejeus_31872Ae2 : FILE MEMORY date = "2021-10-18" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Backdoor_Applejeus.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Backdoor_Applejeus.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e352d6ea4da596abfdf51f617584611fc9321d5a6d1c22aff243aecdef8e7e55" logic_hash = "1d6f06668a7d048a93e53b294c5ab8ffe4cd610f3bef3fd80f14425ef8a85a29" score = 75 
@@ -74891,8 +75448,8 @@ rule ELASTIC_Linux_Exploit_CVE_2009_2698_12374E97 : FILE MEMORY CVE_2009_2698 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2009_2698.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2009_2698.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "656fddc1bf4743a08a455628b6151076b81e604ff49c93d797fa49b1f7d09c2f" logic_hash = "ed86a239b909681f2ab3503cfedf202dbe5f53a6f554cf4db13f08bee625c0b7" score = 75 @@ -74920,8 +75477,8 @@ rule ELASTIC_Linux_Exploit_CVE_2009_2698_Cc04Dddd : FILE MEMORY CVE_2009_2698 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2009_2698.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2009_2698.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "502b73ea04095e8a7ec4e8d7cc306242b45850ad28690156754beac8cd8d7b2d" logic_hash = "68daa56ca98cc8f713faa138432190d19c27f07b2182a1f82347a3bfc5821ebb" score = 75 
@@ -74949,8 +75506,8 @@ rule ELASTIC_Linux_Trojan_Mechbot_F2E1C5Aa : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mechbot.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mechbot.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5f8e80e6877ff2de09a12135ee1fc17bee8eb6d811a65495bcbcddf14ecb44a3" logic_hash = "2ba9ece1ab2360702a59a737a20b6dbd8fca276b543477f9290ab80c6f51e2f1" score = 75 @@ -74978,8 +75535,8 @@ rule ELASTIC_Linux_Trojan_Psybnc_563Ecb11 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Psybnc.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Psybnc.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f77216b169e8d12f22ef84e625159f3a51346c2b6777a1fcfb71268d17b06d39" logic_hash = "b93e6ab097ccd4c348d228a48df098594e560e62256bfe019669ca9488221214" score = 75 
@@ -75007,8 +75564,8 @@ rule ELASTIC_Linux_Trojan_Psybnc_Ab3396D5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Psybnc.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Psybnc.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c5ec84e7cc891af25d6319abb07b1cedd90b04cbb6c8656c60bcb07e60f0b620" logic_hash = "8c083f66fc252a88395bb954a67d710d64f5b68efb9df4b60b260302874b400a" score = 75 @@ -75036,8 +75593,8 @@ rule ELASTIC_Linux_Trojan_Psybnc_F07357F1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Psybnc.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Psybnc.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f77216b169e8d12f22ef84e625159f3a51346c2b6777a1fcfb71268d17b06d39" logic_hash = "cfe217fe108de787600d1ef06ac6738d84aedfc46e5632143692a9f83cb62df7" score = 75 
@@ -75065,8 +75622,8 @@ rule ELASTIC_Windows_Trojan_Kronos_Cdd2E2C5 : FILE MEMORY date = "2021-02-07" modified = "2021-08-23" reference = "https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Kronos.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Kronos.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "baa9cedbbe0f5689be8f8028a6537c39e9ea8b0815ad76cb98f365ca5a41653f" logic_hash = "a8943c5ef166446629cb46517d35db39c97a1e3efa3a7a0b5cb3d3ee9d1e6e9c" score = 75 @@ -75101,8 +75658,8 @@ rule ELASTIC_Windows_Ransomware_Conti_89F3F6Fa : FILE MEMORY date = "2021-08-05" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Conti.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Conti.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "eae876886f19ba384f55778634a35a1d975414e83f22f6111e3e792f706301fe" logic_hash = "4c1834e45d5e42f466249b75a89561ce1e88b9e3c07070e2833d4897fbed22ee" score = 75 
@@ -75130,8 +75687,8 @@ rule ELASTIC_Windows_Hacktool_Sharpup_E5C87C9A : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_SharpUp.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_SharpUp.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "45e92b991b3633b446473115f97366d9f35acd446d00cd4a05981a056660ad27" logic_hash = "62e9aafd308aacbc7a124c707e230c5a9ffde4f6929a5feada5497e3eae7668c" score = 75 @@ -75165,8 +75722,8 @@ rule ELASTIC_Windows_Trojan_Pipedance_01C18057 : FILE MEMORY date = "2023-02-02" modified = "2023-02-22" reference = "https://www.elastic.co/security-labs/twice-around-the-dance-floor-with-pipedance" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_PipeDance.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_PipeDance.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9d3f739e35182992f1e3ade48b8999fb3a5049f48c14db20e38ee63eddc5a1e7" logic_hash = "0c03a725ae930eb829d6a6a9f681489d61aa7f69e72b6b298776f75a98115398" score = 75 
@@ -75201,8 +75758,8 @@ rule ELASTIC_Windows_Vulndriver_Microstar_D72B85B2 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_MicroStar.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_MicroStar.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3ed15a390d8dfbd8a8fb99e8367e19bfd1cced0e629dfe43ccdb46c863394b59" logic_hash = "04e9c1f318acae5544cdc826938383bf8f6c6b838cb5828a7097383ac564f404" score = 75 @@ -75232,8 +75789,8 @@ rule ELASTIC_Linux_Hacktool_Wipelog_Daea1Aa4 : FILE MEMORY date = "2022-03-17" modified = "2022-07-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Wipelog.yar#L1-L29" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Wipelog.yar#L1-L29" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "39b3a95928326012c3b2f64e2663663adde4b028d940c7e804ac4d3953677ea6" logic_hash = "e2483b7719f4a1e28ec3732120770066333d8db269c9c9711813a8eeb75176d6" score = 75 
@@ -75271,8 +75828,8 @@ rule ELASTIC_Windows_Trojan_Bumblebee_35F50Bea : FILE MEMORY date = "2022-04-28" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Bumblebee.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Bumblebee.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9fff05a5aa9cbbf7d37bc302d8411cbd63fb3a28dc6f5163798ae899b9edcda6" logic_hash = "9f22b1b7f9e2d7858738d02730ef5477f8d430ad3606ebf4ac8b01314fdc9c46" score = 75 @@ -75301,8 +75858,8 @@ rule ELASTIC_Windows_Trojan_Bumblebee_70Bed4F3 : FILE MEMORY date = "2022-04-28" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Bumblebee.yar#L22-L46" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Bumblebee.yar#L22-L46" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9fff05a5aa9cbbf7d37bc302d8411cbd63fb3a28dc6f5163798ae899b9edcda6" logic_hash = "3ff97986bfd8df812c4ef94395b3ac7f9ead4d059c398f8984ee217a1bcee4af" score = 75 
@@ -75336,8 +75893,8 @@ rule ELASTIC_Linux_Cryptominer_Presenoker_3Bb5533D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Presenoker.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Presenoker.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "bbc155c610c7aa439f98e32f97895d7eeaef06dab7cca05a5179b0eb3ba3cc00" logic_hash = "13bf69ea6bc7df5ba9ebffe67234657f2ecab99e28fd76d0bbedceaf9706a4dd" score = 75 @@ -75365,8 +75922,8 @@ rule ELASTIC_Linux_Ransomware_Royalpest_502A3Db6 : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_RoyalPest.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_RoyalPest.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "09a79e5e20fa4f5aae610c8ce3fe954029a91972b56c6576035ff7e0ec4c1d14" logic_hash = "aefb5a286636b827b50e4bc0ea978a75ba6a9e572504bfbc0a7700372c54a077" score = 75 
@@ -75397,8 +75954,8 @@ rule ELASTIC_Windows_Ransomware_Doppelpaymer_6660D29F : BETA FILE MEMORY date = "2020-06-28" modified = "2021-08-23" reference = "https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "4c12eaa44f82c6f729e51242c9c1836eb1856959c682e2d2e21b975104c197b6" score = 75 quality = 75 @@ -75427,8 +75984,8 @@ rule ELASTIC_Windows_Ransomware_Doppelpaymer_6Ab188Da : BETA FILE MEMORY date = "2020-06-28" modified = "2021-08-23" reference = "https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L23-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L23-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "429c87d293b7f517a594e8be020cbe7f8302a8b6eb8337f090ca18973aafbde4" score = 75 quality = 75 
@@ -75456,8 +76013,8 @@ rule ELASTIC_Windows_Ransomware_Doppelpaymer_4Fb1A155 : BETA FILE MEMORY date = "2020-06-28" modified = "2021-08-23" reference = "https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L44-L63" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L44-L63" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "eb041a836b2bc73312a2f87523d817d5274f3d43d3e5fe6aacfad1399c61a9de" score = 75 quality = 75 @@ -75485,8 +76042,8 @@ rule ELASTIC_Macos_Trojan_Genieo_5E0F8980 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Genieo.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Genieo.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "6c698bac178892dfe03624905256a7d9abe468121163d7507cade48cf2131170" logic_hash = "76b725f6ae5755bb00d384ef2ae1511789487257d8bb7cb61b893226f03a803e" score = 75 
@@ -75514,8 +76071,8 @@ rule ELASTIC_Macos_Trojan_Genieo_37878473 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Genieo.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Genieo.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0fadd926f8d763f7f15e64f857e77f44a492dcf5dc82ae965d3ddf80cd9c7a0d" logic_hash = "bb04ae4e0a98e0dbd0c0708d5e767306e38edf76de2671523f4bd43cbcbfefc2" score = 75 @@ -75543,8 +76100,8 @@ rule ELASTIC_Macos_Trojan_Genieo_0D003634 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Genieo.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Genieo.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "bcd391b58338efec4769e876bd510d0c4b156a7830bab56c3b56585974435d70" logic_hash = "0412f88408fb14d1126ef091d0a5cc0ee2b2e39aeb241bef55208b59830ca993" score = 75 
@@ -75572,8 +76129,8 @@ rule ELASTIC_Macos_Trojan_Genieo_9E178C0B : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Genieo.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Genieo.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b7760e73195c3ea8566f3ff0427d85d6f35c6eec7ee9184f3aceab06da8845d8" logic_hash = "212f96ca964aceeb80c6d3282d488cfbb74aeffb9c0c9dd840a3a28f9bbdcbea" score = 75 @@ -75601,8 +76158,8 @@ rule ELASTIC_Linux_Trojan_Zerobot_185E2396 : FILE MEMORY date = "2022-12-16" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Zerobot.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Zerobot.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f9fc370955490bdf38fc63ca0540ce1ea6f7eca5123aa4eef730cb618da8551f" logic_hash = "caa21cc019d8e4549d976f8b4f98d930ef7acf4c39c41956ae35fa78c975e016" score = 75 
@@ -75637,8 +76194,8 @@ rule ELASTIC_Linux_Trojan_Zerobot_3A5B56Dd : FILE MEMORY date = "2022-12-16" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Zerobot.yar#L28-L51" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Zerobot.yar#L28-L51" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f9fc370955490bdf38fc63ca0540ce1ea6f7eca5123aa4eef730cb618da8551f" logic_hash = "2491fff4ad0327e0440d842f221fb6623c8efd97e2991bf2090abceaef9c2ccf" score = 75 @@ -75671,8 +76228,8 @@ rule ELASTIC_Linux_Cryptominer_Ksmdbot_Ebeedb3C : FILE MEMORY date = "2022-12-14" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Ksmdbot.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Ksmdbot.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b927e0fe58219305d86df8b3e44493a7c854a6ea4f76d1ebe531a7bfd4365b54" logic_hash = "67f97cc4f2886ed296b5b3827dc1d1792136ba8d9d27c20b677c9467618c879d" score = 75 
@@ -75704,8 +76261,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_2Aef46A6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "d2c88774eb5227cf2d133644c648ebe5ba40c7e0acb2b432bc6a1a9da10bfb3f" score = 75 quality = 73 @@ -75732,8 +76289,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_A6572D63 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L20-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L20-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2ff33adb421a166895c3816d506a63dff4e1e8fa91f2ac8fb763dc6e8df59d6e" logic_hash = "237392fe51c8528cb5ed446facfcd3535b8e1d594d77a542361873bd52426fa7" score = 75 
@@ -75761,8 +76318,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_E41143E1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L40-L57" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L40-L57" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "4564bf2019ff5086071ff147c9cf1e16b8627ce5d70cbe8370aecbd518d94b57" score = 75 quality = 75 @@ -75789,8 +76346,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_0Eb147Ca : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L59-L77" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L59-L77" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b" logic_hash = "b20479af0767e5e8579489b5298648b9cc84b3e0778f58d8dc9deb252d0f4806" score = 75 
@@ -75818,8 +76375,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_884Cab60 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L79-L96" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L79-L96" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "139c5c1c3816047b595deb6a8873b2964e91393642b93536cd102af9a6033e7c" score = 75 quality = 75 @@ -75846,8 +76403,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Ba961Ed2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L98-L116" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L98-L116" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b" logic_hash = "5b486c698c9c61dc126be5dbeea862b1f9bb5a6859c02a0fff125a9890147a6b" score = 75 
@@ -75875,8 +76432,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_2084099A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L118-L135" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L118-L135" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "6674be1438ec290550c9586afda335755279a4aedadde455ffc0b41d1a0e634d" score = 75 quality = 75 @@ -75903,8 +76460,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_61C88137 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L137-L155" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L137-L155" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "479ef38fa00bb13a3aa8448aa4a4434613c6729975e193eec29fc5047f339111" logic_hash = "e999355606ee7389be160ce3e96c6a62d7f9132b95cfec7d9f8b1a670551e6b8" score = 75 
@@ -75932,8 +76489,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Debb98A1 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L157-L175" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L157-L175" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "494f549e3dd144e8bcb230dd7b3faa8ff5107d86d9548b21b619a0318e362cad" logic_hash = "c2e43818fcf18d34a6a3611aaaafde31d96b41867d15dfdb1dec20203f5907eb" score = 75 @@ -75961,8 +76518,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_1D6E10Fd : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L177-L195" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L177-L195" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4c7851316f01ae84ee64165be3ba910ab9b415d7f0e2f5b7e5c5a0eaefa3c287" logic_hash = "01ec1af1ca03173e867113c3bec7911990a0c8c2d9f19b5233715a7f7490f5f1" score = 75 
@@ -75990,8 +76547,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_E3Ffbbcc : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L197-L215" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L197-L215" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "28b7ddf2548411910af033b41982cdc74efd8a6ef059a54fda1b6cbd59faa8f6" logic_hash = "54711c2d3e6d73cf4358ba4a65cb19d996adcfa905c0089a18a61fe841fe9a34" score = 75 @@ -76019,8 +76576,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_30F3B4D4 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L217-L235" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L217-L235" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5b15d43d3535965ec9b84334cf9def0e8c3d064ffc022f6890320cd6045175bc" logic_hash = "99efc257ff2afb779304451bd9f6f6ce9e88f54954189601ed10e95e2268dd4f" score = 75 
@@ -76048,8 +76605,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Ca75589C : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L237-L255" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L237-L255" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0448c1b2c7c738404ba11ff4b38cdc8f865ccf1e202f6711345da53ce46e7e16" logic_hash = "c717e6f85a5b30514803ba43c85d82e2aaa4533b7f74db5345df83d1cc4c6551" score = 75 @@ -76077,8 +76634,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_7909Cdd2 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L257-L275" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L257-L275" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0a4a5874f43adbe71da88dc0ef124f1bf2f4e70d0b1b5461b2788587445f79d9" logic_hash = "4b2557ab78d22ae4f46e5813ba5dc4663cd92b945a1add3155f77d3030ccc92d" score = 75 
@@ -76106,8 +76663,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_2522D611 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L277-L295" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L277-L295" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0c2be53e298c285db8b028f563e97bf1cdced0c4564a34e740289b340db2aac1" logic_hash = "59f2552809bc48e16719cb9b4d2a7b99999307803fce031ca39eb24e14b88908" score = 75 @@ -76135,8 +76692,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_56Bd04D3 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L297-L315" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L297-L315" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0d2ce3891851808fb36779a348a83bf4aa9de1a2b2684fd0692434682afac5ec" logic_hash = "47a33fcd69dd78cbc6c3274aeaa8dddabe119ae65b59077e1807657b8a67fed3" score = 75 
@@ -76164,8 +76721,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_F412E4B4 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L317-L335" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L317-L335" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0e3a3f7973f747fcb23c72289116659c7f158c604d937d6ca7302fbab71851e9" logic_hash = "b4e1b193e80aa88b91255df3a5f2e45de7f23fdba4a28d3ceb12db63098e70e5" score = 75 @@ -76193,8 +76750,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_71F8E26C : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L337-L355" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L337-L355" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "13f873f83b84a0d38eb3437102f174f24a0ad3c5a53b83f0ee51c62c29fb1465" logic_hash = "f9f2f22acd4f52cc313e3ecf425604651e0b8c78e33480d4d05bae5b8c9661fb" score = 75 
@@ -76222,8 +76779,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_1A562D3B : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L357-L375" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L357-L375" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "15731db615b32c49c34f41fe84944eeaf2fc79dafaaa9ad6bf1b07d26482f055" logic_hash = "8d3b369bdcecd675f99cedf26dba202256555be0f5feae612404f9b5e109fa93" score = 75 @@ -76251,8 +76808,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_410256Ac : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L377-L395" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L377-L395" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "15f44e10ece90dec1a6104d5be1effefa17614d9f0cfb2784305dab85367b741" logic_hash = "88227af6d2f365b761961bdf4b94bed81bca79e23d546e69900faa17c3e4dc71" score = 75 
@@ -76280,8 +76837,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_93Fa87F1 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L397-L415" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L397-L415" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "165b4a28fd6335d4e4dfefb6c40f41f16d8c7d9ab0941ccd23e36cda931f715e" logic_hash = "2a1e797d4dd2599b5c67e73e3c909a1803e604edf0b6ba228713ee375ccc9b16" score = 75 @@ -76309,8 +76866,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_8677Dca3 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L417-L435" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L417-L435" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "23813dc4aa56683e1426e5823adc3aab854469c9c0f3ec1a3fad40fa906929f2" logic_hash = "9902758dfb61e8b60b281f3f51cda8a10d58eb0cc20743f97998d7bcf120c299" score = 75 
@@ -76338,8 +76895,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Ebce4304 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L437-L455" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L437-L455" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2e06caf864595f2df7f6936bb1ccaa1e0cae325aee8659ee283b2857e6ef1e5b" logic_hash = "42fbfc2c2636c2e3a5da5e51c6bf99f6114ec7d00b88371a34e1fdbe81d1264a" score = 75 @@ -76367,8 +76924,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_073E6161 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L457-L475" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L457-L475" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2e06caf864595f2df7f6936bb1ccaa1e0cae325aee8659ee283b2857e6ef1e5b" logic_hash = "2c98058add77c55ab68491eec041d7670f726a9ec93258ae7bb8f0e6721b4ca3" score = 75 
@@ -76396,8 +76953,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Bef22375 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xorddos.yar#L477-L495" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xorddos.yar#L477-L495" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f47baf48deb71910716beab9da1b1e24dc6de9575963e238735b6bcedfe73122" logic_hash = "3991ebdb310338516d5fdd137ba2ac63dc870337785a31d59dcad49135f190e5" score = 75 @@ -76425,8 +76982,8 @@ rule ELASTIC_Windows_Hacktool_Iox_98Cd1Cd8 : FILE MEMORY date = "2024-01-24" modified = "2024-01-29" reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_Iox.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_Iox.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d4544a521d4e6eb07336816b1aae54f92c5c4fd2eb31dcfbdf26e4ef890e73db" logic_hash = "d7f9e4f399410d54416e974fbd66b2caa27359ae0f2e33e01d62f1aa618daa34" score = 75 
@@ -76457,8 +77014,8 @@ rule ELASTIC_Macos_Virus_Vsearch_0Dd3Ec6F : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Virus_Vsearch.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Virus_Vsearch.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "17a467b000117ea6c39fbd40b502ac9c7d59a97408c2cdfb09c65b2bb09924e5" score = 75 quality = 75 @@ -76485,8 +77042,8 @@ rule ELASTIC_Macos_Virus_Vsearch_2A0419F8 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Virus_Vsearch.yar#L20-L37" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Virus_Vsearch.yar#L20-L37" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "fa9b811465e435bff5bc0f149ff65f57932c94f548a5ece4ec54ba775cdbb55a" score = 75 quality = 75 
@@ -76513,8 +77070,8 @@ rule ELASTIC_Linux_Exploit_CVE_2012_0056_06B2Dff5 : FILE MEMORY CVE_2012_0056 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "168b3fb1c675ab76224c641e228434495160502a738b64172c679e8ce791ac17" logic_hash = "4361e6e74d6678d9e0823b23a7a2e4ae84119142cad319950154f806115845d5" score = 75 @@ -76542,8 +77099,8 @@ rule ELASTIC_Linux_Exploit_CVE_2012_0056_B39839F4 : FILE MEMORY CVE_2012_0056 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "cf569647759e011ff31d8626cea65ed506e8d0ef1d26f3bbb7c02a4060ce58dc" logic_hash = "553111c64d8abfc3688a88dd95088de0ea7e92f68592e9a778f8041b40071e84" score = 75 
@@ -76571,8 +77128,8 @@ rule ELASTIC_Linux_Exploit_CVE_2012_0056_A1E53450 : FILE MEMORY CVE_2012_0056 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "15a4d149e935758199f6df946ff889e12097f5fec4ef450e9cbd554d1efbd5e6" logic_hash = "f2ab5de83c36a9a834e41c8f6fdccd0dffdeb384adf7b1e1098e86a2ac52df18" score = 75 @@ -76600,8 +77157,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_57C0C6D7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrig.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrig.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "100dc1ede4c0832a729d77725784d9deb358b3a768dfaf7ff9e96535f5b5a361" logic_hash = "d3a272d488cebe4f774c994001a14d825372a27f16267bc0339b7e3b22ada8db" score = 75 
@@ -76629,8 +77186,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_7E42Bf80 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrig.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrig.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "551b6e6617fa3f438ec1b3bd558b3cbc981141904cab261c0ac082a697e5b07d" logic_hash = "ad8c8f0081d07f7e2a5400de6af2c6b311f77ff336d7576f7fb0bfe2593a9062" score = 75 @@ -76658,8 +77215,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_271121Fb : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrig.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrig.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "19aeafb63430b5ac98e93dfd6469c20b9c1145e6b5b86202553bd7bd9e118842" logic_hash = "f43b1527ad4bbd07023126def89c1af47698cc832f71f4a1381ed0d621d79ed5" score = 75 
@@ -76687,8 +77244,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_E7E64Fb7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrig.yar#L61-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrig.yar#L61-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "e325ac02c51526c5a36bdd6c2bcb3bee51f1214d78eff8048c8a1ae88334a9e8" score = 75 quality = 75 @@ -76715,8 +77272,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_79B42B21 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrig.yar#L80-L97" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrig.yar#L80-L97" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "db42871193960ea4c2cbe5f5040cbc1097d57d9e4dc291bcc77ed72b588311ab" score = 75 quality = 75 
@@ -76743,8 +77300,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_77Fbc695 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrig.yar#L99-L117" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrig.yar#L99-L117" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e723a2b976adddb01abb1101f2d3407b783067bec042a135b21b14d63bc18a68" logic_hash = "af8e09cd5d6b7532af0c06273aa465cf6c40ad6c919a679fd09191a1c2a302f5" score = 75 @@ -76772,8 +77329,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_403B0A12 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrig.yar#L119-L137" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrig.yar#L119-L137" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "54d806b3060404ccde80d9f3153eebe8fdda49b6e8cdba197df0659c6724a52d" logic_hash = "5b7662124eb980b11f88a50665292e7a405595f7ad85c5c448dd087ea096689a" score = 75 
@@ -76801,8 +77358,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_Bffa106B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrig.yar#L139-L156" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrig.yar#L139-L156" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "d7214ad9c4291205b50567d142d99b8a19a9cfa69d3cd0a644774c3a1adb6b49" score = 75 quality = 75 @@ -76829,8 +77386,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_73Faf972 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrig.yar#L158-L176" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrig.yar#L158-L176" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "00e29303b66cb39a8bc23fe91379c087376ea26baa21f6b7f7817289ba89f655" logic_hash = "a6a9d304d215302bf399c90ed0dd77a681796254c51a2a20e4a316dba43b387f" score = 75 
@@ -76858,8 +77415,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_Af809Eea : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrig.yar#L178-L196" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrig.yar#L178-L196" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "00e29303b66cb39a8bc23fe91379c087376ea26baa21f6b7f7817289ba89f655" logic_hash = "4ae4b119a3eecfdb47a88fe5a89a4f79ae96eecf5d08eef08997357de7e6538a" score = 75 @@ -76887,8 +77444,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_9F6Ac00F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrig.yar#L198-L216" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrig.yar#L198-L216" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9cd58c1759056c0c5bbd78248b9192c4f8c568ed89894aff3724fdb2be44ca43" logic_hash = "9fa8e7be5c35c9a649c42613d0d5d5cecff3d9c3e9a572e4be1ca661876748a5" score = 75 
@@ -76916,8 +77473,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_Dbcc9D87 : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xmrig.yar#L218-L236" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xmrig.yar#L218-L236" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "da9b8fb5c26e81fb3aed3b0bc95d855339fced303aae2af281daf0f1a873e585" logic_hash = "b7fa60e32cb53484d8b76b13066eda1f2275ee2660ac2dc02b0078b921998e79" score = 75 @@ -76945,8 +77502,8 @@ rule ELASTIC_Windows_Trojan_Gozi_Fd494041 : FILE MEMORY date = "2021-03-22" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Gozi.yar#L1-L32" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Gozi.yar#L1-L32" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0a1c1557bdb8c1b99e2b764fc6b21a07e33dc777b492a25a55cbd8737031e237" logic_hash = "fdd18817e7377f1b4006d3bf135d924b8ead62a461ea56f57157b2856ba6846b" score = 75 
@@ -76987,8 +77544,8 @@ rule ELASTIC_Windows_Trojan_Gozi_261F5Ac5 : FILE MEMORY date = "2019-08-02" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Gozi.yar#L34-L60" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Gozi.yar#L34-L60" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f" logic_hash = "23a7427e162e2f77ee0a281fe4bc54eab29a3bdca8e51015147e8eb223e7e2f7" score = 75 @@ -77024,8 +77581,8 @@ rule ELASTIC_Windows_Trojan_Twistedtinsel_Aa56E527 : FILE MEMORY date = "2023-12-06" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_TwistedTinsel.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_TwistedTinsel.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ef1cbdf9a23ae028a858e1d09529982eaeda61197ae029e091918690d3a86e2e" logic_hash = "de31d0a5560baf6b37897eba3a637b00b539f542a2620983c3407a6898e003c7" score = 75 
@@ -77054,8 +77611,8 @@ rule ELASTIC_Macos_Trojan_Sugarloader_E7E1D99C : FILE MEMORY date = "2023-10-24" modified = "2023-10-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_SugarLoader.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_SugarLoader.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3ea2ead8f3cec030906dcbffe3efd5c5d77d5d375d4a54cca03bfe8a6cb59940" logic_hash = "0689b704add81e8e7968d9dba5f60d45c8791209330f4ee97e218f8eeb22c88f" score = 75 @@ -77087,8 +77644,8 @@ rule ELASTIC_Windows_Vulndriver_Mtcbsv_7F6D642E : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_MtcBsv.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_MtcBsv.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ff803017d1acafde6149fe7d463aee23b1c4f6f3b97c698c05f3ca6f07e4df6c" logic_hash = "dfd53a2b97ad722307561fc5f109dcba372bf600113786bb351ed1262fdc8556" score = 75 
@@ -77118,8 +77675,8 @@ rule ELASTIC_Windows_Vulndriver_Xtier_48Bb4B2C : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_XTier.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_XTier.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0f726d8ce21c0c9e01ebe6b55913c519ad6086bcaec1a89f8308f3effacd435f" logic_hash = "fd6ae610a4d2cbf02aae2302d181d07780e723ac7e61b5aa3fd18ba834160729" score = 75 @@ -77149,8 +77706,8 @@ rule ELASTIC_Windows_Vulndriver_Xtier_8A2F6Dc1 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_XTier.yar#L23-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_XTier.yar#L23-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "95d50c69cdbf10c9c9d61e64fe864ac91e6f6caa637d128eb20e1d3510e776d3" logic_hash = "90e1efd9d918f15459dd3fabb4737cbdeded66da1d556becca051bdda5867c11" score = 75 
@@ -77180,8 +77737,8 @@ rule ELASTIC_Windows_Vulndriver_Xtier_F4760D4A : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_XTier.yar#L45-L65" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_XTier.yar#L45-L65" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0e14a4401011a9f4e444028ac5b1595da34bbbf9af04a00670f15ff839734003" logic_hash = "dc83771e08b8530bf138782ba8c7724e7ecff40c973407a7f654346302a284d5" score = 75 @@ -77211,8 +77768,8 @@ rule ELASTIC_Windows_Vulndriver_Xtier_6A7De49F : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_XTier.yar#L67-L87" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_XTier.yar#L67-L87" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "26c86227d3f387897c1efd77dc711eef748eb90be84149cb306e3d4c45cc71c7" logic_hash = "de0d25377103d50b33a95a804b9c3eb9ef221d56fa1dfda0a32f14dcd95ee4b1" score = 75 
@@ -77242,8 +77799,8 @@ rule ELASTIC_Windows_Trojan_M0Yv_92F66467 : FILE MEMORY date = "2023-05-03" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_M0yv.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_M0yv.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0004d22dd18c0239b722c085101c0a32b967159e2066a0b7b9104bb43f5cdea0" logic_hash = "a47b20679aee9559213de22783cfbc55c6091785e4dc288349963e863b78cf41" score = 75 @@ -77273,8 +77830,8 @@ rule ELASTIC_Linux_Rootkit_Fontonlake_8Fa41F5E : FILE MEMORY date = "2021-10-12" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Rootkit_Fontonlake.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Rootkit_Fontonlake.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "826222d399e2fb17ae6bc6a4e1493003881b1406154c4b817f0216249d04a234" logic_hash = "e90ace26dd74ae948d2469c6f532af5ec3070a21092f8b2c4d47c4f5b9d04c09" score = 75 
@@ -77309,8 +77866,8 @@ rule ELASTIC_Windows_Shellcode_Rdi_Edc62A10 : FILE MEMORY date = "2023-06-23" modified = "2023-07-10" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Shellcode_Rdi.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Shellcode_Rdi.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "64485ffc283e981c8b77db5a675c7ba2a04d3effaced522531185aa46eb6a36b" logic_hash = "986cb6c28d2d9767a2fd084fdd71edb7a1c36e78ddedf3c562076cf6f5b5afd1" score = 75 @@ -77338,8 +77895,8 @@ rule ELASTIC_Windows_Shellcode_Rdi_Eee75D2C : FILE MEMORY date = "2023-08-25" modified = "2023-11-02" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Shellcode_Rdi.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Shellcode_Rdi.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8c4de69e89dcc659d2fff52d695764f1efd7e64e0a80983ce6d0cb9eeddb806c" logic_hash = "18cd9be4af210686872610f832ac0ad58a48588a1226fc6093348ceb8371c6b4" score = 75 
@@ -77367,8 +77924,8 @@ rule ELASTIC_Windows_Vulndriver_Glckio_39C4Abd4 : FILE date = "2022-04-04" modified = "2022-08-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_GlckIo.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_GlckIo.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3a5ec83fe670e5e23aef3afa0a7241053f5b6be5e6ca01766d6b5f9177183c25" logic_hash = "fd43503c9427a386674c06bb790e110ac23c27d8fc4adedbaa8a9b7cb0cbafd4" score = 75 @@ -77396,8 +77953,8 @@ rule ELASTIC_Windows_Vulndriver_Glckio_68D5Afbb : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_GlckIo.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_GlckIo.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5ae23f1fcf3fb735fcf1fa27f27e610d9945d668a149c7b7b0c84ffd6409d99a" logic_hash = "0b5f0d408a5c4089ef496c5f8241a34d0468cc3d21e89e41dc105a0df0855d38" score = 75 
@@ -77425,8 +77982,8 @@ rule ELASTIC_Linux_Cryptominer_Pgminer_Ccf88A37 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Pgminer.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Pgminer.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3afc8d2d85aca61108d21f82355ad813eba7a189e81dde263d318988c5ea50bd" logic_hash = "77833cdb319bc8e22db2503478677d5992774105f659fe7520177a691c83aa91" score = 75 @@ -77454,8 +78011,8 @@ rule ELASTIC_Linux_Cryptominer_Pgminer_5Fb2Efd5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Pgminer.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Pgminer.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "6d296648fdbc693e604f6375eaf7e28b87a73b8405dc8cd3147663b5e8b96ff0" logic_hash = "4c247f40c9781332f04f82a244f6e8e22c9c744963f736937eddecf769b40a54" score = 75 
@@ -77483,8 +78040,8 @@ rule ELASTIC_Linux_Ransomware_Noescape_6De58E0C : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_NoEscape.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_NoEscape.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "46f1a4c77896f38a387f785b2af535f8c29d40a105b63a259d295cb14d36a561" logic_hash = "c275d0cfdadcaabe57c432956e96b4bb344d947899fa5ad55b872e02b4d44274" score = 75 @@ -77514,8 +78071,8 @@ rule ELASTIC_Linux_Cryptominer_Casdet_5D0D33Be : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Casdet.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Casdet.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4b09115c876a8b610e1941c768100e03c963c76b250fdd5b12a74253ef9e5fb6" logic_hash = "e3264f614e257d853070907866b838d1cb53c1f60f7a0123ec503f1d540a15d7" score = 75 
@@ -77543,8 +78100,8 @@ rule ELASTIC_Windows_Vulndriver_Directio_7Bea6C8F : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_DirectIo.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_DirectIo.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1dadd707c55413a16320dc70d2ca7784b94c6658331a753b3424ae696c5d93ea" logic_hash = "bc87ede24c688565258859287141ddffb3bcfb0cc6d4fcbc08827c48bb897580" score = 75 @@ -77572,8 +78129,8 @@ rule ELASTIC_Windows_Vulndriver_Directio_Abe8Bfa6 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_DirectIo.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_DirectIo.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d84e3e250a86227c64a96f6d5ac2b447674ba93d399160850acb2339da43eae5" logic_hash = "8548e64e091c0e9e53316662d3dd91eca605c260f391d752ad40253f225571ed" score = 75 
@@ -77601,8 +78158,8 @@ rule ELASTIC_Windows_Trojan_Onlylogger_B9E88336 : FILE MEMORY date = "2022-03-22" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_OnlyLogger.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_OnlyLogger.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "69876ee4d89ba68ee86f1a4eaf0a7cb51a012752e14c952a177cd5ffd8190986" logic_hash = "b8d1c4c1e33fc0b54a62f82b8f53c9a1b051ad8c2f578d2a43f504158d1d9247" score = 75 @@ -77633,8 +78190,8 @@ rule ELASTIC_Windows_Trojan_Onlylogger_Ec14D5F2 : FILE MEMORY date = "2022-03-22" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_OnlyLogger.yar#L24-L46" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_OnlyLogger.yar#L24-L46" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f45adcc2aad5c0fd900df4521f404bc9ca71b01e3378a5490f5ae2f0c711912e" logic_hash = "2838851a5e013705b64625801d2ab1d56cfc17c52f75a5fd71448cb0a4b4b683" score = 75 
@@ -77666,8 +78223,8 @@ rule ELASTIC_Windows_Ransomware_Thanos_C3522Fd0 : BETA FILE MEMORY date = "2020-11-03" modified = "2021-08-23" reference = "https://labs.sentinelone.com/thanos-ransomware-riplace-bootlocker-and-more-added-to-feature-set/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Thanos.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Thanos.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "00d28aafd242308ad6561547ed8c80dad3086859dacab09ffdd43d436bf9ec52" score = 75 quality = 75 @@ -77697,8 +78254,8 @@ rule ELASTIC_Windows_Ransomware_Thanos_A6C09942 : BETA FILE MEMORY date = "2020-11-03" modified = "2021-08-23" reference = "https://labs.sentinelone.com/thanos-ransomware-riplace-bootlocker-and-more-added-to-feature-set/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Thanos.yar#L24-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Thanos.yar#L24-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "cecdeb21e041c90769b8fd8431fa87943461c1f7faa5ad15918524b91ba5c792" score = 75 quality = 75 
@@ -77727,8 +78284,8 @@ rule ELASTIC_Windows_Ransomware_Thanos_E19Feca1 : BETA FILE MEMORY date = "2020-11-03" modified = "2021-08-23" reference = "https://labs.sentinelone.com/thanos-ransomware-riplace-bootlocker-and-more-added-to-feature-set/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Thanos.yar#L46-L77" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Thanos.yar#L46-L77" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "1f5a69b6749e887a5576843abb83388d5364e47601cf11fcac594008ace8e973" score = 75 quality = 75 @@ -77768,8 +78325,8 @@ rule ELASTIC_Windows_Trojan_Farfli_85D1Bcc9 : FILE MEMORY date = "2022-02-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Farfli.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Farfli.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e3e9ea1b547cc235e6f1a78b4ca620c69a54209f84c7de9af17eb5b02e9b58c3" logic_hash = "746eb5a2583077189d82d1a96b499ff383f31220845bd8a6df5b7a7ceb11e6fb" score = 75 
@@ -77797,8 +78354,8 @@ rule ELASTIC_Linux_Ransomware_Blackbasta_96Eb3F20 : FILE MEMORY date = "2022-08-06" modified = "2022-08-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_BlackBasta.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_BlackBasta.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "96339a7e87ffce6ced247feb9b4cb7c05b83ca315976a9522155bad726b8e5be" logic_hash = "a5e0b60ba51490f70af53c9fba91e3349c712bebb10574eb4bed028ab961ae74" score = 75 @@ -77832,8 +78389,8 @@ rule ELASTIC_Macos_Cryptominer_Xmrig_241780A1 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Cryptominer_Xmrig.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Cryptominer_Xmrig.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f" logic_hash = "9e091f6881a96abdc6592db385eb9026806befdda6bda4489470b4e16e1d4d87" score = 75 
@@ -77864,8 +78421,8 @@ rule ELASTIC_Windows_Ransomware_Magniber_Ea0140A1 : FILE MEMORY date = "2021-08-03" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Magniber.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Magniber.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a2448b93d7c50801056052fb429d04bcf94a478a0a012191d60e595fed63eec4" logic_hash = "e2c05e2c92444d7bcb2bf68e97f809072d2ccdc8a171214d2e7a498b20d08f90" score = 75 @@ -77893,8 +78450,8 @@ rule ELASTIC_Windows_Ransomware_Magniber_97D7575B : FILE MEMORY date = "2021-08-03" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Magniber.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Magniber.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a2448b93d7c50801056052fb429d04bcf94a478a0a012191d60e595fed63eec4" logic_hash = "9c85f98aaae28e9e90a94d6ce18389467013ea6b569f46f6acaf26a6c7e027fc" score = 75 
@@ -77922,8 +78479,8 @@ rule ELASTIC_Windows_PUP_Mediaarena_A9E3B4A1 : FILE MEMORY
 date = "2023-06-02"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_PUP_MediaArena.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_PUP_MediaArena.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c071e0b67e4c105c87b876183900f97a4e8bc1a7c18e61c028dee59ce690b1ac"
 logic_hash = "8e52b29f2848498aae2fd7ad35494362d6c07f0e752b628840a256923aca32c7"
 score = 75
@@ -77957,8 +78514,8 @@ rule ELASTIC_Windows_Ransomware_Grief_9953339A : FILE MEMORY
 date = "2021-08-04"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Grief.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Grief.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "0864575d4f487e52a1479c61c2c4ad16742d92e16d0c10f5ed2b40506bbc6ca0"
 logic_hash = "f99ea1e1f59dc2999659cbe649e76001dd7139b1438440717b60f081d1e99d70"
 score = 75
@@ -77986,8 +78543,8 @@ rule ELASTIC_Windows_Trojan_P8Loader_E478A831 : FILE MEMORY
 date = "2023-04-13"
 modified = "2023-05-26"
 reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_P8Loader.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_P8Loader.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "f1a7de6bb4477ea82c18aea1ddc4481de2fc362ce5321f4205bb3b74c1c45a7e"
 score = 75
 quality = 75
@@ -78021,8 +78578,8 @@ rule ELASTIC_Windows_Ransomware_Mespinoza_3Adb59F5 : FILE MEMORY
 date = "2021-08-05"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Mespinoza.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Mespinoza.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "6f3cd5f05ab4f404c78bab92f705c91d967b31a9b06017d910af312fa87ae3d6"
 logic_hash = "28c8ad42a3af70fed274edc9105dae5cef13749d71510561a50428c822464934"
 score = 75
@@ -78052,8 +78609,8 @@ rule ELASTIC_Windows_Hacktool_Sharpwmi_A67D6Fe5 : FILE MEMORY
 date = "2022-10-20"
 modified = "2022-11-24"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_SharpWMI.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_SharpWMI.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "2134a5e1a5eece1336f831a7686c5ea3b6ca5aaa63ab7e7820be937da0678e15"
 logic_hash = "de8749951ece8d4798ade4661d531515e12edf8e8606ddc330000d847a66a26c"
 score = 75
@@ -78089,8 +78646,8 @@ rule ELASTIC_Windows_Hacktool_Blackbone_2Ff5Ec38 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_BlackBone.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_BlackBone.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "4e3887f950bff034efedd40f1e949579854a24140128246fa6141f2c34de6017"
 logic_hash = "0c32bd04460cdf7a56664253992a684c2c684b15ac9ca853b27ab24f07f71607"
 score = 75
@@ -78118,8 +78675,8 @@ rule ELASTIC_Windows_Vulndriver_Iqvw_B8B45E6B : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Iqvw.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Iqvw.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "37c637a74bf20d7630281581a8fae124200920df11ad7cd68c14c26cc12c5ec9"
 logic_hash = "b0a8716f550ba231ca7db61bafd6effbc351faa45864f9ebf7be81f63f14a933"
 score = 60
@@ -78149,8 +78706,8 @@ rule ELASTIC_Windows_Ransomware_Blackhunt_7B46Cb9C : FILE MEMORY
 date = "2024-03-12"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_BlackHunt.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_BlackHunt.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "6c4e968c9b53906ba0e86a41eccdabe2b736238cb126852023e15850e956293d"
 logic_hash = "97bb8436574fd814d8278e5a7043e011d0e4f9a7dd9df5e67605f28ac1af1e74"
 score = 50
@@ -78184,8 +78741,8 @@ rule ELASTIC_Linux_Trojan_Backegmm_B59712E6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Backegmm.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Backegmm.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "d6c8e15cb65102b442b7ee42186c58fa69cd0cb68f4fd47eb5ad23763371e0be"
 logic_hash = "a2e6016bfd8475880c28c89b5f5beeef1335de9529d44bbe7c5aaa352aab9a29"
 score = 75
@@ -78213,8 +78770,8 @@ rule ELASTIC_Windows_Trojan_Sysjoker_1Ef19A12 : FILE MEMORY
 date = "2022-02-17"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_SysJoker.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_SysJoker.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "61df74731fbe1eafb2eb987f20e5226962eeceef010164e41ea6c4494a4010fc"
 logic_hash = "25bd58d546549d208f9f95f4c27d1e58f86f87750dae1e293544cc92b25f8b32"
 score = 75
@@ -78245,8 +78802,8 @@ rule ELASTIC_Windows_Trojan_Sysjoker_34559Bcd : FILE MEMORY
 date = "2022-02-21"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_SysJoker.yar#L24-L48"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_SysJoker.yar#L24-L48"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "1ffd6559d21470c40dcf9236da51e5823d7ad58c93502279871c3fe7718c901c"
 logic_hash = "ebe7f6037f14e37b6efe81614c06c6d26fe0cc17d0475b8b19715f80d0d9aad3"
 score = 75
@@ -78280,8 +78837,8 @@ rule ELASTIC_Windows_Trojan_Hazelcobra_6A9Fe48A : FILE MEMORY
 date = "2023-11-01"
 modified = "2023-11-01"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_HazelCobra.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_HazelCobra.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b5acf14cdac40be590318dee95425d0746e85b1b7b1cbd14da66f21f2522bf4d"
 logic_hash = "dc4d561497c2e3da270d305ceaf3194b48d64c0d8e212ee6f03a2d89c8e006e8"
 score = 75
@@ -78312,8 +78869,8 @@ rule ELASTIC_Windows_Trojan_Afdk_C952Fcfa : FILE MEMORY
 date = "2023-12-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Afdk.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Afdk.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "6723a9489e7cfb5e2d37ff9160d55cda065f06907122d73764849808018eb7a0"
 logic_hash = "a0589a3bf9e733e615b6e552395b3ff513e4fad7efd7d2ebea634aa91d2f60d9"
 score = 75
@@ -78341,8 +78898,8 @@ rule ELASTIC_Windows_Trojan_Afdk_5F8Cc135 : FILE MEMORY
 date = "2023-12-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Afdk.yar#L21-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Afdk.yar#L21-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "6723a9489e7cfb5e2d37ff9160d55cda065f06907122d73764849808018eb7a0"
 logic_hash = "0523a0cc3a4446f2ac88c72999568313c6b40f7f8975b8e332c0c6b1e48c5d76"
 score = 75
@@ -78372,8 +78929,8 @@ rule ELASTIC_Linux_Cryptominer_Loudminer_581F57A9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Loudminer.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Loudminer.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "2c2729395805fc9d3c1e654c9a065bbafc4f28d8ab235afaae8d2c484060596b"
 logic_hash = "82db0985f215da1d84e16fce94df7553b43b06082bf5475515dbbcf016c40fe4"
 score = 75
@@ -78401,8 +78958,8 @@ rule ELASTIC_Linux_Cryptominer_Loudminer_F2298A50 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Loudminer.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Loudminer.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "2c2729395805fc9d3c1e654c9a065bbafc4f28d8ab235afaae8d2c484060596b"
 logic_hash = "6c2c9b6aea1fb35f8f600dd084ed9cfd56123f7502036e76dd168ccd8b43b28f"
 score = 75
@@ -78430,8 +78987,8 @@ rule ELASTIC_Linux_Cryptominer_Loudminer_851Fc7Aa : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Loudminer.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Loudminer.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "2c2729395805fc9d3c1e654c9a065bbafc4f28d8ab235afaae8d2c484060596b"
 logic_hash = "9f271a16fe30fbf0c16533522b733228f19e0c44d173e4c0ef43bf13323e7383"
 score = 75
@@ -78459,8 +79016,8 @@ rule ELASTIC_Windows_Ransomware_Mountlocker_126A76E2 : FILE MEMORY
 date = "2021-06-10"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Mountlocker.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Mountlocker.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "4a5ac3c6f8383cc33c795804ba5f7f5553c029bbb4a6d28f1e4d8fb5107902c1"
 logic_hash = "5a5e157a245a75033abbe6bc7aa66fe6af6d91dc30abe1fdadce85f8f3905b1e"
 score = 75
@@ -78492,8 +79049,8 @@ rule ELASTIC_Windows_Trojan_Behinder_B9A49F4B : FILE MEMORY
 date = "2023-03-02"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/ref2924-howto-maintain-persistence-as-an-advanced-threat"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Behinder.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Behinder.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "a50ca8df4181918fe0636272f31e19815f1b97cce6d871e15e03b0ee0e3da17b"
 logic_hash = "2303ef82e4dc5e8be87ddc4563dcd06963d17e1fbf25cf246a6c81e4e74adbcb"
 score = 75
@@ -78523,8 +79080,8 @@ rule ELASTIC_Windows_Trojan_Stormkitty_6256031A : FILE MEMORY
 date = "2022-03-21"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_StormKitty.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_StormKitty.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "0c69015f534d1da3770dbc14183474a643c4332de6a599278832abd2b15ba027"
 logic_hash = "a797e87eaf5b173da9dd43fcff03b3d26198dcafa29c3f2ca369773c73001234"
 score = 75
@@ -78557,8 +79114,8 @@ rule ELASTIC_Windows_Vulndriver_Marvinhw_37326842 : FILE
 date = "2022-07-21"
 modified = "2022-07-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_MarvinHW.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_MarvinHW.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "6a4875ae86131a594019dec4abd46ac6ba47e57a88287b814d07d929858fe3e5"
 logic_hash = "f37290912ab7d997d718c074eef48a67a36444e9e97592b6be65855ade2ba246"
 score = 50
@@ -78589,8 +79146,8 @@ rule ELASTIC_Windows_Trojan_Icedid_1Cd868A6 : FILE MEMORY
 date = "2021-02-28"
 modified = "2021-08-23"
 reference = "https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_IcedID.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_IcedID.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "68dce9f214e7691db77a2f03af16a669a3cb655699f31a6c1f5aaede041468ff"
 logic_hash = "4765b2b1d463f09d7e21367c2832b3ad668aa67d8078798a14295b6e6c846c1c"
 score = 75
@@ -78618,8 +79175,8 @@ rule ELASTIC_Windows_Trojan_Icedid_237E9Fb6 : FILE MEMORY
 date = "2021-02-28"
 modified = "2021-08-23"
 reference = "https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_IcedID.yar#L23-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_IcedID.yar#L23-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b21f9afc6443548427bf83b5f93e7a54ac3af306d9d71b8348a6f146b2819457"
 logic_hash = "31479eae077b2d78cb1770eef3b37bec941f35c9ceb329e01dd65a32e785fa74"
 score = 75
@@ -78647,8 +79204,8 @@ rule ELASTIC_Windows_Trojan_Icedid_F1Ce2F0A : FILE MEMORY
 date = "2021-02-28"
 modified = "2021-08-23"
 reference = "https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_IcedID.yar#L45-L65"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_IcedID.yar#L45-L65"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b21f9afc6443548427bf83b5f93e7a54ac3af306d9d71b8348a6f146b2819457"
 logic_hash = "a1f1824a7208201616dde40bea514dfc2cdf908bd8ed24b9f96c2bcad2c8107f"
 score = 75
@@ -78676,8 +79233,8 @@ rule ELASTIC_Windows_Trojan_Icedid_08530E24 : FILE MEMORY
 date = "2021-03-21"
 modified = "2021-08-23"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_IcedID.yar#L67-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_IcedID.yar#L67-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "31db92c7920e82e49a968220480e9f130dea9b386083b78a79985b554ecdc6e4"
 logic_hash = "a63511edde9d873e184ddb4720b4752b0e7df4bdb2114b05c16f2ca0594eb6b8"
 score = 75
@@ -78718,8 +79275,8 @@ rule ELASTIC_Windows_Trojan_Icedid_11D24D35 : FILE MEMORY
 date = "2022-02-16"
 modified = "2022-04-06"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_IcedID.yar#L101-L121"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_IcedID.yar#L101-L121"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b8d794f6449669ff2d11bc635490d9efdd1f4e92fcb3be5cdb4b40e4470c0982"
 logic_hash = "4a5d0f37e3e80e370ae79fd45256dbd274ed8f8bcd021e8d6f95a0bc0bc5321f"
 score = 75
@@ -78748,8 +79305,8 @@ rule ELASTIC_Windows_Trojan_Icedid_0B62E783 : FILE MEMORY
 date = "2022-04-06"
 modified = "2022-06-09"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_IcedID.yar#L123-L142"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_IcedID.yar#L123-L142"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a"
 logic_hash = "aca126529dfa8047ed7dfdc60d970759ab5307448d7d764f88e402cd8d2a016f"
 score = 75
@@ -78777,8 +79334,8 @@ rule ELASTIC_Windows_Trojan_Icedid_91562D18 : FILE MEMORY
 date = "2022-04-06"
 modified = "2022-06-09"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_IcedID.yar#L144-L163"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_IcedID.yar#L144-L163"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a"
 logic_hash = "81c87d0d6726bc2dde42fe93c77af53cdd29bb6437fe3d47d1b4550140722c88"
 score = 75
@@ -78806,8 +79363,8 @@ rule ELASTIC_Windows_Trojan_Icedid_2086Aecb : FILE MEMORY
 date = "2022-04-06"
 modified = "2022-03-02"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_IcedID.yar#L165-L184"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_IcedID.yar#L165-L184"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a"
 logic_hash = "561bf7eacfbbf1b4e0c111347f0d6ff4325bdbce8db73bee1ba836b610569c0d"
 score = 75
@@ -78835,8 +79392,8 @@ rule ELASTIC_Windows_Trojan_Icedid_48029E37 : FILE MEMORY
 date = "2022-04-06"
 modified = "2022-06-09"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_IcedID.yar#L186-L205"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_IcedID.yar#L186-L205"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a"
 logic_hash = "1fe337d7a0607938aaf57cf25c1373aadf315b7a8cec133d6d30a38bd58e1027"
 score = 75
@@ -78864,8 +79421,8 @@ rule ELASTIC_Windows_Trojan_Icedid_56459277 : FILE MEMORY
 date = "2022-08-21"
 modified = "2023-03-02"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_IcedID.yar#L207-L237"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_IcedID.yar#L207-L237"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "21b1a635db2723266af4b46539f67253171399830102167c607c6dbf83d6d41c"
 logic_hash = "a18557217c69a3bb8c3da7725d2e0ed849741f8e36341a4ea80eea09d47a5b45"
 score = 75
@@ -78904,8 +79461,8 @@ rule ELASTIC_Windows_Trojan_Icedid_7C1619E3 : FILE MEMORY
 date = "2022-12-20"
 modified = "2023-02-01"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_IcedID.yar#L239-L261"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_IcedID.yar#L239-L261"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "4f6de748628b8b06eeef3a5fabfe486bfd7aaa92f50dc5a8a8c70ec038cd33b1"
 logic_hash = "24ddaf474dabc5e91cce08734a035feced9048a3faac4ff236bc97e6caabd642"
 score = 75
@@ -78936,8 +79493,8 @@ rule ELASTIC_Windows_Trojan_Icedid_D8B23Cd6 : FILE MEMORY
 date = "2023-01-03"
 modified = "2023-01-03"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_IcedID.yar#L263-L294"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_IcedID.yar#L263-L294"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "bd4da2f84c29437bc7efe9599a3a41f574105d449ac0d9b270faaca8795153ab"
 logic_hash = "47e427a4f088de523115f438cad9fc26233158b0518d87703c282df351110762"
 score = 75
@@ -78977,8 +79534,8 @@ rule ELASTIC_Windows_Trojan_Icedid_A2Ca5F80 : FILE MEMORY
 date = "2023-01-16"
 modified = "2023-04-23"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_IcedID.yar#L296-L323"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_IcedID.yar#L296-L323"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "e36266cd66b9542f2eb9d38f9a01f7b480f2bcdbe61fe20944dca33e22bd3281"
 score = 75
 quality = 75
@@ -79014,8 +79571,8 @@ rule ELASTIC_Windows_Trojan_Icedid_B8C59889 : FILE MEMORY
 date = "2023-05-05"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_IcedID.yar#L325-L349"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_IcedID.yar#L325-L349"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "a63d08cd53053bfda17b8707ab3a94cf3d6021097335dc40d5d211fb9faed045"
 logic_hash = "08c6c604d1791c35a8494e5ec8a96e8c5dd2ca3d6c57971da20057ce8960fa1d"
 score = 75
@@ -79048,8 +79605,8 @@ rule ELASTIC_Windows_Trojan_Icedid_81Eff9A3 : FILE MEMORY
 date = "2023-05-05"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_IcedID.yar#L351-L371"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_IcedID.yar#L351-L371"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "96dacdf50d1db495c8395d7cf454aa3a824801cf366ac368fe496f89b5f98fe7"
 logic_hash = "923dd8166cce0ec32b3b8b20cad192b3c15b7ce7c17fd44ddda739ad205a6c06"
 score = 75
@@ -79078,8 +79635,8 @@ rule ELASTIC_Macos_Trojan_Getshell_F339D74C : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Getshell.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Getshell.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b2199c15500728a522c04320aee000938f7eb69d751a55d7e51a2806d8cd0fe7"
 logic_hash = "77a409f1a0ab5f87a77a6b2ffa2d4ff7bd6d86c0f685c524e2083585bb3fb764"
 score = 75
@@ -79107,8 +79664,8 @@ rule ELASTIC_Windows_Virus_Neshta_2A5A14C8 : FILE MEMORY
 date = "2024-01-22"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Virus_Neshta.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Virus_Neshta.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "f298214764ee9ab690cb4b376d8a7893edcd9c05a3c4e6f3a56010974a130bd7"
 logic_hash = "0b5d0603f4c20a2368f697dd84cfe1790a5d0e5904c76066601c9e3d1b5ed1e1"
 score = 75
@@ -79137,8 +79694,8 @@ rule ELASTIC_Windows_Trojan_Hancitor_6738D84A : FILE MEMORY
 date = "2021-06-17"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Hancitor.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Hancitor.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "a674898f39377e538f9ec54197689c6fa15f00f51aa0b5cc75c2bafd86384a40"
 logic_hash = "448243b6925c4e419b1fd492ac5e8d43a7baa4492ba7a5a0b44bc8e036c77ec2"
 score = 75
@@ -79168,8 +79725,8 @@ rule ELASTIC_Linux_Ransomware_Gonnacry_53C3832D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_Gonnacry.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_Gonnacry.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "f5de75a6db591fe6bb6b656aa1dcfc8f7fe0686869c34192bfa4ec092554a4ac"
 logic_hash = "2b7453c4eb71b71e6a241f728b077a2ee63d988d55a64fedf61c34222799e262"
 score = 75
@@ -79197,8 +79754,8 @@ rule ELASTIC_Windows_Ransomware_Lockfile_74185716 : FILE MEMORY
 date = "2021-08-31"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Lockfile.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Lockfile.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "bf315c9c064b887ee3276e1342d43637d8c0e067260946db45942f39b970d7ce"
 logic_hash = "e922c2fc9dd52dd0238847a9d48691bea90d028cf680fc3a1a0dbdfef1d8dce3"
 score = 75
@@ -79229,8 +79786,8 @@ rule ELASTIC_Windows_Trojan_Privateloader_96Ac2734 : FILE MEMORY
 date = "2023-01-03"
 modified = "2023-02-01"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_PrivateLoader.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_PrivateLoader.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "077225467638a420cf29fb9b3f0241416dcb9ed5d4ba32fdcf2bf28f095740bb"
 logic_hash = "9f96f1c54853866e124d0996504e6efd3d154111390617999cc10520d7f68fe6"
 score = 75
@@ -79261,8 +79818,8 @@ rule ELASTIC_Linux_Ransomware_Erebus_Ead4F55B : FILE MEMORY
 date = "2023-07-27"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_Erebus.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_Erebus.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "6558330f07a7c90c40006346ed09e859b588d031193f8a9679fe11a85c8ccb37"
 logic_hash = "82e81577372298623ee3ed3583bb18b2c0cfff30abbacf2909e7efca35c83bd7"
 score = 75
@@ -79292,8 +79849,8 @@ rule ELASTIC_Linux_Ransomware_Hive_Bdc7De59 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_Hive.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_Hive.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "713b699c04f21000fca981e698e1046d4595f423bd5741d712fd7e0bc358c771"
 logic_hash = "33908128258843d63c5dfe5acf15cfd68463f5cbdf08b88ef1bba394058a5a92"
 score = 75
@@ -79321,8 +79878,8 @@ rule ELASTIC_Windows_Trojan_Wikiloader_C57F3F88 : FILE MEMORY
 date = "2024-01-17"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_WikiLoader.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_WikiLoader.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "0f71b1805d7feb6830b856c5a5328d3a132af4c37fcd747d82beb0f61c77f6f5"
 logic_hash = "408c6d811232dbd0c87f75fd28508366151cf9f2f10f012919588db1919e406b"
 score = 75
@@ -79350,8 +79907,8 @@ rule ELASTIC_Windows_Trojan_Wikiloader_99681F1C : FILE MEMORY
 date = "2024-01-17"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_WikiLoader.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_WikiLoader.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "0b02cfe16ac73f2e7dc52eaf3b93279b7d02b3d64d061782dfed0c55ab621a8e"
 logic_hash = "fb293d74186e778856780377120ac2ebe9550a508a0b33e706c39f93a5509df8"
 score = 75
@@ -79379,8 +79936,8 @@ rule ELASTIC_Windows_Generic_Threat_Bc6Ae28D : FILE MEMORY
 date = "2023-12-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "ce00873eb423c0259c18157a07bf7fd9b07333e528a5b9d48be79194310c9d97"
 logic_hash = "0ca5ec945858a5238eac048520dea4597f706ad2c96be322d341c84c4ddbce33"
 score = 75
@@ -79408,8 +79965,8 @@ rule ELASTIC_Windows_Generic_Threat_Ce98C4Bc : FILE MEMORY
 date = "2023-12-17"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L21-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L21-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "950e8a29f516ef3cf1a81501e97fbbbedb289ad9fb93352edb563f749378da35"
 logic_hash = "74914f41c03cb2dcb1dc3175cc76574a0d40b66a1a3854af8f50c9858704b66b"
 score = 75
@@ -79438,8 +79995,8 @@ rule ELASTIC_Windows_Generic_Threat_0Cc1481E : FILE MEMORY
 date = "2023-12-17"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L42-L60"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L42-L60"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "6ec7781e472a6827c1406a53ed4699407659bd57c33dd4ab51cabfe8ece6f23f"
 logic_hash = "1a094cf337cb85aa4b7d1d2025571ab0661a7be1fd03d53d8c7370a90385f38c"
 score = 75
@@ -79467,8 +80024,8 @@ rule ELASTIC_Windows_Generic_Threat_2507C37C : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L62-L80"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L62-L80"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "04296258f054a958f0fd013b3c6a3435280b28e9a27541463e6fc9afe30363cc"
 logic_hash = "8c5ea1290260993ea5140baa4645f3fd0ebb4d43fce0e9a25f8e8948e683aec1"
 score = 75
@@ -79496,8 +80053,8 @@ rule ELASTIC_Windows_Generic_Threat_E052D248 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L82-L100"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L82-L100"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "ed2bbc0d120665044aacb089d8c99d7c946b54d1b08a078aebbb3b91f593da6e"
 logic_hash = "1a16ce6d1c6707560425156e625ad19a82315564b3f03adafbcc3e65b0e98a6d"
 score = 75
@@ -79525,8 +80082,8 @@ rule ELASTIC_Windows_Generic_Threat_2Bb7Fbe3 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L102-L120"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L102-L120"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "65cc8704c0e431589d196eadb0ac8a19151631c8d4ab7375d7cb18f7b763ba7b"
 logic_hash = "36e1ab766e09e8d06b9179f67a1cb842ba257f140610964a941fb462ed3e803c"
 score = 75
@@ -79554,8 +80111,8 @@ rule ELASTIC_Windows_Generic_Threat_994F2330 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L122-L140"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L122-L140"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "0a30cb09c480a2659b6f989ac9fe1bfba1802ae3aad98fa5db7cdd146fee3916"
 logic_hash = "ace99deae7f5faa22f273ec4fe45ef07f03acd1ae4d9c0f18687ef6cf5b560c2"
 score = 75
@@ -79583,8 +80140,8 @@ rule ELASTIC_Windows_Generic_Threat_Bf7Aae24 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L142-L160"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L142-L160"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "6dfc63894f15fc137e27516f2d2a56514c51f25b41b00583123142cf50645e4e"
 logic_hash = "b6dfa6f4c46bddd643f2f89f6275404c19fd4ed1bbae561029fffa884e99e167"
 score = 75
@@ -79612,8 +80169,8 @@ rule ELASTIC_Windows_Generic_Threat_D542E5A5 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L162-L180"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L162-L180"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "3fc4ae7115e0bfa3fc6b75dcff867e7bf9ade9c7f558f31916359d37d001901b"
 logic_hash = "3c16c02d4fc6e019f0ab0ff4daad61f59275afd8fb3ee263b1b59876233a686e"
 score = 75
@@ -79641,8 +80198,8 @@ rule ELASTIC_Windows_Generic_Threat_8D10790B : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L182-L200"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L182-L200"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "911535923a5451c10239e20e7130d371e8ee37172e0f14fc8cf224d41f7f4c0f"
 logic_hash = "84c017abbce1c8702efbe8657e5a857ae222721b0db2260dc814652f4528df26"
 score = 75
@@ -79670,8 +80227,8 @@ rule ELASTIC_Windows_Generic_Threat_347F9F54 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L202-L220"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L202-L220"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "45a051651ce1edddd33ecef09bb0fbb978adec9044e64f786b13ed81cabf6a3f"
 logic_hash = "63df388393a45ffec68ba01ae6d7707b6d5277e0162ded6e631c1f76ad76b711"
 score = 75
@@ -79699,8 +80256,8 @@ rule ELASTIC_Windows_Generic_Threat_20469956 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L222-L240"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L222-L240"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "a1f2923f68f5963499a64bfd0affe0a729f5e7bd6bcccfb9bed1d62831a93c47"
 logic_hash = "da351bec0039a32bb9de1d8623ab3dc26eb752d30a64e613de96f70e1b1c2463"
 score = 75
@@ -79728,8 +80285,8 @@ rule ELASTIC_Windows_Generic_Threat_742E8A70 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L242-L260"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L242-L260"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "94f7678be47651aa457256375f3e4d362ae681a9524388c97dc9ed34ba881090"
 logic_hash = "2925eb8da80ef791b5cf7800a9bf9462203ab6aa743bc69f4fd2343e97eaab7c"
 score = 75
@@ -79757,8 +80314,8 @@ rule ELASTIC_Windows_Generic_Threat_79174B5C : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L262-L280"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L262-L280"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c15118230059e85e7a6b65fe1c0ceee8997a3d4e9f1966c8340017a41e0c254c"
 logic_hash = "06a2f0613719f1273a6b3f62f248c22b1cab2fe6054904619e3720f3f6c55e2e"
 score = 75
@@ -79786,8 +80343,8 @@ rule ELASTIC_Windows_Generic_Threat_232B71A9 : FILE MEMORY
 date = "2023-12-20"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L282-L300"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L282-L300"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "1e8b34da2d675af96b34041d4e493e34139fc8779f806dbcf62a6c9c4d9980fe"
 logic_hash = "c3bef1509c0d0172dbbc7e0e2b5c69e5ec47dc22365d98a914002b53b0f7d918"
 score = 75
@@ -79815,8 +80372,8 @@ rule ELASTIC_Windows_Generic_Threat_D331D190 : FILE MEMORY
 date = "2023-12-20"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L302-L320"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L302-L320"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "6d869d320d977f83aa3f0e7719967c7e54c1bdae9ae3729668d755ee3397a96f"
 logic_hash = "901601c892d709fa596c44df1fbe7772a9f20576c71666570713bf96727a809b"
 score = 75
@@ -79844,8 +80401,8 @@ rule ELASTIC_Windows_Generic_Threat_24191082 : FILE MEMORY
 date = "2023-12-20"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L322-L340"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L322-L340"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "4d20878c16d2b401e76d8e7c288cf8ef5aa3c8d4865f440ee6b44d9f3d0cbf33"
 logic_hash = "a5ea76032a9c189f923d91cd03deb44bd61868e5ad6081afe63249156cbd8927"
 score = 75
@@ -79873,8 +80430,8 @@ rule ELASTIC_Windows_Generic_Threat_Efdb9E81 : FILE MEMORY
 date = "2024-01-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L342-L361"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L342-L361"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "1c3302b14324c9f4e07829f41cd767ec654db18ff330933c6544c46bd19e89dd"
 logic_hash = "eae78b07f6c31e3a30ae041a27c67553bb8ea915bc7724583d78832475021955"
 score = 75
@@ -79903,8 +80460,8 @@ rule ELASTIC_Windows_Generic_Threat_34622A35 : FILE MEMORY
 date = "2024-01-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L363-L381"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L363-L381"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c021c6adca0ddf38563a13066a652e4d97726175983854674b8dae2f6e59c83f"
 logic_hash = "2b49bd5d3a18307a46f44d9dfeea858ddaa6084f86f96b83b874cee7603e1c11"
 score = 75
@@ -79932,8 +80489,8 @@ rule ELASTIC_Windows_Generic_Threat_0Ff403Df : FILE MEMORY
 date = "2024-01-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L383-L401"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L383-L401"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b3119dc4cea05bef51d1f373b87d69bcff514f6575d4c92da4b1c557f8d8db8f"
 logic_hash = "38bdd9b6f61ab4bb13abc7af94e92151928df95ade061756611218104e7245fd"
 score = 75
@@ -79961,8 +80518,8 @@ rule ELASTIC_Windows_Generic_Threat_B1F6F662 : FILE MEMORY
 date = "2024-01-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L403-L423"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L403-L423"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "1b7eaef3cf1bb8021a00df092c829932cccac333990db1c5dac6558a5d906400"
 logic_hash = "e52ff1eaee00334e1a07367bf88f3907bb0b13035717683d9d98371b92bc45c0"
 score = 75
@@ -79992,8 +80549,8 @@ rule ELASTIC_Windows_Generic_Threat_2C80562D : FILE MEMORY
 date = "2024-01-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L425-L445"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L425-L445"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "ee8decf1e8e5a927e3a6c10e88093bb4b7708c3fd542d98d43f1a882c6b0198e"
 logic_hash = "07487ae646ac81b94f940c8d3493dbee023bce687297465fe09375f40dff0fb2"
 score = 75
@@ -80023,8 +80580,8 @@ rule ELASTIC_Windows_Generic_Threat_E96F9E97 : FILE MEMORY
 date = "2024-01-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L447-L465"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L447-L465"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "bfbab69e9fc517bc46ae88afd0603a498a4c77409e83466d05db2797234ea7fc"
 logic_hash = "1dcf81b8982425ff74107b899e85e2432f0464554e923f85a7555cda65293b54"
 score = 75
@@ -80052,8 +80609,8 @@ rule ELASTIC_Windows_Generic_Threat_005Fd471 : FILE MEMORY
 date = "2024-01-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L467-L487"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L467-L487"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "502814ed565a923da15626d46fde8cc7fd422790e32b3cad973ed8ec8602b228"
 logic_hash = "10493253a6b2ce3141ee980e0607bdbba72580bb4a076f2f4636e9665ffc6db8"
 score = 75
@@ -80083,8 +80640,8 @@ rule ELASTIC_Windows_Generic_Threat_54B0Ec47 : FILE MEMORY
 date = "2024-01-03"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L489-L508"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L489-L508"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "9c14203069ff6003e7f408bed71e75394de7a6c1451266c59c5639360bf5718c"
 logic_hash = "e3d74162a8874fe05042fec98d25b8db50e7f537566fd9f4e40f92bfe868259a"
 score = 75
@@ -80113,8 +80670,8 @@ rule ELASTIC_Windows_Generic_Threat_Acf6222B : FILE MEMORY
 date = "2024-01-03"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L510-L528"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L510-L528"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "ce0def96be08193ab96817ce1279e8406746a76cfcf4bf44e394920d7acbcaa6"
 logic_hash = "a284b6c163dbc022bd36f19fbc1d7ff70143bee566328ad23e7b8b79abd39e91"
 score = 75
@@ -80142,8 +80699,8 @@ rule ELASTIC_Windows_Generic_Threat_5E718A0C : FILE MEMORY date = "2024-01-03" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L530-L548" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L530-L548" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "430b9369b779208bd3976bd2adc3e63d3f71e5edfea30490e6e93040c1b3bac6" logic_hash = "45068afeda7abae0fe922a21f8f768b6c74a6e0f8e9e8b1f68c3ddf92940bf9a" score = 75 @@ -80171,8 +80728,8 @@ rule ELASTIC_Windows_Generic_Threat_Fac6D993 : FILE MEMORY date = "2024-01-03" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L550-L568" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L550-L568" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f3e7c88e72cf0c1f4cbee588972fc1434065f7cc9bd95d52379bade1b8520278" logic_hash = "3486793324dbe43c908432e1956bbbdb870beb4641da46b3786581fd3e78811a" score = 75 
@@ -80200,8 +80757,8 @@ rule ELASTIC_Windows_Generic_Threat_E7Eaa4Ca : FILE MEMORY date = "2024-01-04" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L570-L587" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L570-L587" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "600da0c88dc0606e05f60ecd3b9a90469eef8ac7a702ef800c833f7fd17eb13e" score = 75 quality = 75 @@ -80228,8 +80785,8 @@ rule ELASTIC_Windows_Generic_Threat_97703189 : FILE MEMORY date = "2024-01-04" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L589-L607" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L589-L607" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "968ba3112c54f3437b9abb6137f633d919d75137d790af074df40a346891cfb5" logic_hash = "318bc82d49e9a3467ec0e0086aaf1092d2aa7c589b5f16ce6fbb3778eda7ef0b" score = 75 
@@ -80257,8 +80814,8 @@ rule ELASTIC_Windows_Generic_Threat_Ca0686E1 : FILE MEMORY date = "2024-01-05" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L609-L627" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L609-L627" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "15c7ce1bc55549efc86dea74a90f42fb4665fe15b14f760037897c772159a5b5" logic_hash = "12b2ff66d1be6e2d27f24489b389b5c84660921e8de41653b2b425077cc87669" score = 75 @@ -80286,8 +80843,8 @@ rule ELASTIC_Windows_Generic_Threat_97C1A260 : FILE MEMORY date = "2024-01-07" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L629-L647" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L629-L647" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2cc85ebb1ef07948b1ddf1a793809b76ee61d78c07b8bf6e702c9b17346a20f1" logic_hash = "5bd84cbdd4ba699c9e9d87e684071342b23138538bd83ffea8c524fcee26a59b" score = 75 
@@ -80315,8 +80872,8 @@ rule ELASTIC_Windows_Generic_Threat_A440F624 : FILE MEMORY date = "2024-01-07" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L649-L668" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L649-L668" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3564fec3d47dfafc7e9c662654865aed74aedeac7371af8a77e573ea92cbd072" logic_hash = "23c759a0db5698b28a69232077a6b714f71e8eaa069d2f02a7d3efc48b178a2b" score = 75 @@ -80345,8 +80902,8 @@ rule ELASTIC_Windows_Generic_Threat_B577C086 : FILE MEMORY date = "2024-01-07" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L670-L688" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L670-L688" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "27dd61d4d9997738e63e813f8b8ea9d5cf1291eb02d20d1a2ad75ac8aa99459c" logic_hash = "a7684340171415ee01e855706192cdffcccd6c82362707229b2c1d096f87dfa8" score = 75 
@@ -80374,8 +80931,8 @@ rule ELASTIC_Windows_Generic_Threat_62E1F5Fc : FILE MEMORY date = "2024-01-07" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L690-L710" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L690-L710" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4a692e244a389af0339de8c2d429b541d6d763afb0a2b1bb20bee879330f2f42" logic_hash = "76e21746ee396f13073b3db1e876246f01cef547d312691dff3dc895ea3a2b82" score = 75 @@ -80405,8 +80962,8 @@ rule ELASTIC_Windows_Generic_Threat_55D6A1Ab : FILE MEMORY date = "2024-01-07" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L712-L731" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L712-L731" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1ca6ed610479b5aaaf193a2afed8f2ca1e32c0c5550a195d88f689caab60c6fb" logic_hash = "4f3a0b2e45ae4e6a00f137798b700a0925fa6eb19ea6b871d7eeb565548888ba" score = 75 
@@ -80435,8 +80992,8 @@ rule ELASTIC_Windows_Generic_Threat_F7D3Cdfd : FILE MEMORY date = "2024-01-07" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L733-L751" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L733-L751" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f9df83d0b0e06884cdb4a02cd2091ee1fadeabb2ea16ca34cbfef4129ede251f" logic_hash = "23e1008f222eb94a4bd34372834924377e813dc76efa8544b0dcbe7d3e3addde" score = 75 @@ -80464,8 +81021,8 @@ rule ELASTIC_Windows_Generic_Threat_0350Ed31 : FILE MEMORY date = "2024-01-07" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L753-L771" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L753-L771" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "008f9352765d1b3360726363e3e179b527a566bc59acecea06bd16eb16b66c5d" logic_hash = "149dd26466f47b2e7f514bdcc9822470334490da2898840f35fe6b537ce104f6" score = 75 
@@ -80493,8 +81050,8 @@ rule ELASTIC_Windows_Generic_Threat_A1Cef0Cd : FILE MEMORY date = "2024-01-08" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L773-L791" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L773-L791" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "71f519c6bd598e17e1298d247a4ad37b78685ca6fd423d560d397d34d16b7db8" logic_hash = "2772906e3a8a088e7c6ea1370af5e5bbe2cbae4f49de9b939524e317be8ddde4" score = 75 @@ -80522,8 +81079,8 @@ rule ELASTIC_Windows_Generic_Threat_E5F4703F : FILE MEMORY date = "2024-01-09" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L793-L811" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L793-L811" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "362bda1fad3fefce7d173617909d3c1a0a8e234e22caf3215ee7c6cef6b2743b" logic_hash = "f81476d5e5a9bcb42b32d6ec3d4b620165f2878c50691ecf59ef6f34b6ad9d1b" score = 75 
@@ -80551,8 +81108,8 @@ rule ELASTIC_Windows_Generic_Threat_8B790Aba : FILE MEMORY date = "2024-01-09" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L813-L832" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L813-L832" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ec98bfff01d384bdff6bbbc5e17620b31fa57c662516157fd476ef587b8d239e" logic_hash = "8a0b2af3d0c95466ca138dfcc3d6f6a702ec92f5cd4f791b1200c79ffd973840" score = 75 @@ -80581,8 +81138,8 @@ rule ELASTIC_Windows_Generic_Threat_76A7579F : FILE MEMORY date = "2024-01-09" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L834-L852" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L834-L852" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "76c73934bcff7e4ee08b068d1e02b8f5c22161262d127de2b4ac2e81d09d84f6" logic_hash = "08ed2d318e7154195911aaf3705626307b48a54aa195eaa054ec53766d3e198d" score = 75 
@@ -80610,8 +81167,8 @@ rule ELASTIC_Windows_Generic_Threat_3F060B9C : FILE MEMORY date = "2024-01-10" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L854-L872" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L854-L872" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "32e7a40b13ddbf9fc73bd12c234336b1ae11e2f39476de99ebacd7bbfd22fba0" logic_hash = "193583f63f22452f96c8372fdc9ef04e2a684f847564a7fe75145ea30d426901" score = 75 @@ -80639,8 +81196,8 @@ rule ELASTIC_Windows_Generic_Threat_Dbae6542 : FILE MEMORY date = "2024-01-10" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L874-L892" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L874-L892" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c73f533f96ed894b9ff717da195083a594673e218ee9a269e360353b9c9a0283" logic_hash = "673c6b4e6aaa127d45b21d0283437000fbc507a84ecd7a326448869d63759aee" score = 75 
@@ -80668,8 +81225,8 @@ rule ELASTIC_Windows_Generic_Threat_808F680E : FILE MEMORY date = "2024-01-10" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L894-L912" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L894-L912" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "df6955522532e365239b94e9d834ff5eeeb354eec3e3672c48be88725849ac1c" logic_hash = "22d91a87c01b401d4a203fbabb93a9b45fd6d8819125c56d9c427449b06d2f84" score = 75 @@ -80697,8 +81254,8 @@ rule ELASTIC_Windows_Generic_Threat_073909Cf : FILE MEMORY date = "2024-01-10" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L914-L932" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L914-L932" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "89a6dc518c119b39252889632bd18d9dfdae687f7621310fb14b684d2f85dad8" logic_hash = "5b42a74010549c884ff85a67b9add6b82a8109a953473cc1439581976f8f545e" score = 75 
@@ -80726,8 +81283,8 @@ rule ELASTIC_Windows_Generic_Threat_820Fe9C9 : FILE MEMORY date = "2024-01-11" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L934-L952" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L934-L952" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1102a499b8a863bdbfd978a1d17270990e6b7fe60ce54b9dd17492234aad2f8c" logic_hash = "81a1359bd5781e1eefb6ae06c6b2ad9e94cc6318c1f81f84c06f0b236b6e84d1" score = 75 @@ -80755,8 +81312,8 @@ rule ELASTIC_Windows_Generic_Threat_89Efd1B4 : FILE MEMORY date = "2024-01-11" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L954-L972" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L954-L972" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "937c8bc3c89bb9c05b2cb859c4bf0f47020917a309bbadca36236434c8cdc8b9" logic_hash = "49a7875fd9c31c5c9b593aed75a28fadb586294422b75c7a8eeba2e8ff254753" score = 75 
@@ -80784,8 +81341,8 @@ rule ELASTIC_Windows_Generic_Threat_61315534 : FILE MEMORY date = "2024-01-11" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L974-L992" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L974-L992" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "819447ca71080f083b1061ed6e333bd9ef816abd5b0dd0b5e6a58511ab1ce8b9" logic_hash = "0fdfe3bb6ebdaac4324a45dac8680f00684d0030419f26f3f72ed002bf5a2a34" score = 75 @@ -80813,8 +81370,8 @@ rule ELASTIC_Windows_Generic_Threat_Eab96Cf2 : FILE MEMORY date = "2024-01-11" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L994-L1012" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L994-L1012" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2be8a2c524f1fb2acb2af92bc56eb9377c4e16923a06f5ac2373811041ea7982" logic_hash = "cc1dfc2c9c5e1fbc6282342dfbf3a6c834fa56fb6fc46569a24fa78535c5845f" score = 75 
@@ -80842,8 +81399,8 @@ rule ELASTIC_Windows_Generic_Threat_11A56097 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1014-L1033" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1014-L1033" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "98d538c8f074d831b7a91e549e78f6549db5d2c53a10dbe82209d15d1c2e9b56" logic_hash = "42f955c079752c787ac70682bc41fa31f3196d30051d7032276a0d4279d59d58" score = 75 @@ -80872,8 +81429,8 @@ rule ELASTIC_Windows_Generic_Threat_F3Bef434 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1035-L1053" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1035-L1053" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "98d538c8f074d831b7a91e549e78f6549db5d2c53a10dbe82209d15d1c2e9b56" logic_hash = "efba0e1fbe6562a9aeaac23b851c31350e4ac6551e505be4986bddade92ca303" score = 75 
@@ -80901,8 +81458,8 @@ rule ELASTIC_Windows_Generic_Threat_C6F131C5 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1055-L1073" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1055-L1073" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "247314baaaa993b8db9de7ef0e2998030f13b99d6fd0e17ffd59e31a8d17747a" logic_hash = "5702a77fee0cd564916abdbfedf76d069bb7a5b6de0c4623150991d52dc02e42" score = 75 @@ -80930,8 +81487,8 @@ rule ELASTIC_Windows_Generic_Threat_B2A054F8 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1075-L1095" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1075-L1095" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "63d2478a5db820731a48a7ad5a20d7a4deca35c6b865a17de86248bef7a64da7" logic_hash = "f64b1666f78646322a4c37dc887d8fcfdb275b0bca812e360579cefd9e323c02" score = 75 
@@ -80961,8 +81518,8 @@ rule ELASTIC_Windows_Generic_Threat_Fcab7E76 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1097-L1115" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1097-L1115" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "67d7e016e401bd5d435eecaa9e8ead341aed2f373a1179069f53b64bda3f1f56" logic_hash = "90f50d1227b8e462eaa393690dc2b25601444bf80f2108445a0413bff6bedae8" score = 75 @@ -80990,8 +81547,8 @@ rule ELASTIC_Windows_Generic_Threat_90E4F085 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1117-L1137" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1117-L1137" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1a6a290d98f5957d00756fc55187c78030de7031544a981fd2bb4cfeae732168" logic_hash = "2afeae6de965ae155914dcedbfe375327a9fca3b42733c23360dd4fddfcc8a3d" score = 75 
@@ -81021,8 +81578,8 @@ rule ELASTIC_Windows_Generic_Threat_04A9C177 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1139-L1157" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1139-L1157" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0cccdde4dcc8916fb6399c181722eb0da2775d86146ce3cb3fc7f8cf6cd67c29" logic_hash = "ca7cf71228b1e13ec05c62cd9924ea5089fdf903d8ea4a5151866996ea81e01e" score = 75 @@ -81050,8 +81607,8 @@ rule ELASTIC_Windows_Generic_Threat_45D1E986 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1159-L1177" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1159-L1177" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fd159cf2f9bd48b0f6f5958eef8af8feede2bcbbea035a7e56ce1ff72d3f47eb" logic_hash = "d53a4d189b9a49f9b6477e12bce0d41e62827306d1df79e6494ab67669d84f35" score = 75 
@@ -81079,8 +81636,8 @@ rule ELASTIC_Windows_Generic_Threat_83C38E63 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1179-L1198" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1179-L1198" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2121a0e5debcfeedf200d7473030062bc9f5fbd5edfdcd464dfedde272ff1ae7" logic_hash = "89d4036290a29b372918205bba85698d6343109503766cbb13999b5177fc3152" score = 75 @@ -81109,8 +81666,8 @@ rule ELASTIC_Windows_Generic_Threat_Bd24Be68 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1200-L1218" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1200-L1218" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fd159cf2f9bd48b0f6f5958eef8af8feede2bcbbea035a7e56ce1ff72d3f47eb" logic_hash = "8536593696930d03f1e62586886f0df5438d13fb796b4605df7ad67d9633d5f9" score = 75 
@@ -81138,8 +81695,8 @@ rule ELASTIC_Windows_Generic_Threat_A0C7B402 : FILE MEMORY date = "2024-01-16" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1220-L1238" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1220-L1238" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5814d7712304800d92487b8e1108d20ad7b44f48910b1fb0a99e9b36baa4333a" logic_hash = "d0aa75debbefb301b9fc46ceca4944ae8c4b009118214a9589440b59089b853e" score = 75 @@ -81167,8 +81724,8 @@ rule ELASTIC_Windows_Generic_Threat_42B3E0D7 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1240-L1258" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1240-L1258" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "99ad416b155970fda383a63fe61de2e4d0254e9c9e09564e17938e8e2b49b5b7" logic_hash = "58b4c667b6d796f4525afeb706394f593d03393e3a48e2a0b7664f121e6a78fe" score = 75 
@@ -81196,8 +81753,8 @@ rule ELASTIC_Windows_Generic_Threat_66142106 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1260-L1278" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1260-L1278" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "cd164a65fb2a496ad7b54c782f25fbfca0540d46d2c0d6b098d7be516c4ce021" logic_hash = "bf5d8db3ed6d2abc3158b04e904351250bf17a6d766e31769b3c5a6e534165b0" score = 75 @@ -81225,8 +81782,8 @@ rule ELASTIC_Windows_Generic_Threat_51A1D82B : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1280-L1298" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1280-L1298" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1a7adde856991fa25fac79048461102fba58cda9492d4f5203b817d767a81018" logic_hash = "2d6b0560e1980deb6aad8e0902d065eeda406506b70bb8bb27c7fa58be9842f8" score = 75 
@@ -81254,8 +81811,8 @@ rule ELASTIC_Windows_Generic_Threat_Dee3B4Bf : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1300-L1318" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1300-L1318" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c7f4b63fa5c7386d6444c0d0428a8fe328446efcef5fda93821f05e86efd2fba" logic_hash = "cfd7f9250ab44ffe12b62f84ae753032642d9aa2524d88a6d4d989a2afa043a3" score = 75 @@ -81283,8 +81840,8 @@ rule ELASTIC_Windows_Generic_Threat_Fdbcd3F2 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1320-L1338" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1320-L1338" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9258e4fe077be21ad7ae348868f1ac6226f6e9d404c664025006ab4b64222369" logic_hash = "ca9136ca44a61795cca44ac9bb0494fdc34c08d6578603ba3be3582956f4a98f" score = 75 
@@ -81312,8 +81869,8 @@ rule ELASTIC_Windows_Generic_Threat_B7852Ccf : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1340-L1360" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1340-L1360" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5ac70fa959be4ee37c0c56f0dd04061a5fed78fcbde21b8449fc93e44a8c133a" logic_hash = "4d5c29cceaacfda0c41bcd13cf95e90397b1b6c0c6beeb19b9184f435c8669b9" score = 75 @@ -81343,8 +81900,8 @@ rule ELASTIC_Windows_Generic_Threat_C3C8F21A : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1362-L1380" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1362-L1380" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9a102873dd37d08f53dcf6b5dad2555598a954d18fb3090bbf842655c5fded35" logic_hash = "b4d2b28fb2c9d46884b0b34f7821151b88891a8d881885c704e0e192cf7fca70" score = 75 
@@ -81372,8 +81929,8 @@ rule ELASTIC_Windows_Generic_Threat_A3D51E0C : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1382-L1400" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1382-L1400" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "18bd25df1025cd04b0642e507b0170bc1a2afba71b2dc4bd5e83cc487860db0d" logic_hash = "f128f6a037abb4af2c11605b182852146780be6451b3062a2914bedb5c286843" score = 75 @@ -81401,8 +81958,8 @@ rule ELASTIC_Windows_Generic_Threat_54Ccad4D : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1402-L1422" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1402-L1422" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fe4aad002722d2173dd661b7b34cdb0e3d4d8cd600e4165975c48bf1b135763f" logic_hash = "b9fb525be22dd2f235c3ac68688ced5298da45194ad032423689f5a085df6e31" score = 75 
@@ -81432,8 +81989,8 @@ rule ELASTIC_Windows_Generic_Threat_6Ee18020 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1424-L1442" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1424-L1442" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d58d8f5a7efcb02adac92362d8c608e6d056824641283497b2e1c1f0e2d19b0a" logic_hash = "8a08973ae2ddde275e007686fc6eca831c1fb398b7221d5022da10f90da0e44d" score = 75 @@ -81461,8 +82018,8 @@ rule ELASTIC_Windows_Generic_Threat_8Eb547Db : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1444-L1462" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1444-L1462" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3fc821b63dfa653b86b11201073997fa4dc273124d050c2a7c267ac789d8a447" logic_hash = "73cabad0656c6b347def017b07138fdbdd5b41da5ccf7d701fea764669058f39" score = 75 
@@ -81490,8 +82047,8 @@ rule ELASTIC_Windows_Generic_Threat_803Feff4 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1464-L1482" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1464-L1482" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8f150dfb13e4a2ff36231f873e4c0677b5db4aa235d8f0aeb41e02f7e31c1e05" logic_hash = "e22b8b208ff104e2843d897c425467f2f0ec0c586c4db578da90aeaef0209e1d" score = 75 @@ -81519,8 +82076,8 @@ rule ELASTIC_Windows_Generic_Threat_9C7D2333 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1484-L1502" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1484-L1502" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "85219f1402c88ab1e69aa99fe4bed75b2ad1918f4e95c448cdc6a4b9d2f9a5d4" logic_hash = "561290ebf3ca2a01914f514d63121be930e7a8c06cfc90ff4b8f0c7cef3408fe" score = 75 
@@ -81548,8 +82105,8 @@ rule ELASTIC_Windows_Generic_Threat_747B58Af : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1504-L1524" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1504-L1524" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ee28e93412c59d63155fd79bc99979a5664c48dcb3c77e121d17fa985fcb0ebe" logic_hash = "fd6b36ca50c1017035474b491f716bfb0d53b181fce4b5478a57a1d1a6ddc3e7" score = 75 @@ -81579,8 +82136,8 @@ rule ELASTIC_Windows_Generic_Threat_C3C4E847 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1526-L1544" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1526-L1544" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "86b37f0b2d9d7a810b5739776b4104f1ded3a1228c4ec2d104d26d8eb26aa7ba" logic_hash = "fa147abf7aa872f409e7684c4c60485fc58f57543062573526e56ff9866f8dfe" score = 75 
@@ -81608,8 +82165,8 @@ rule ELASTIC_Windows_Generic_Threat_6542Ebda : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1546-L1564" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1546-L1564" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2073e51c7db7040c6046e36585873a0addc2bcddeb6e944b46f96c607dd83595" logic_hash = "30263341bf51a001503dfda9be5771d401bc5b5423682c29a6d4ebc457415d3e" score = 75 @@ -81637,8 +82194,8 @@ rule ELASTIC_Windows_Generic_Threat_1417511B : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1566-L1584" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1566-L1584" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2fc9bd91753ff3334ef7f9861dc1ae79cf5915d79fa50f7104cbb3262b7037da" logic_hash = "e6b53082fa447ac3cf56784771aca742696922e6f740a24d014e04250dc5020c" score = 75 
@@ -81666,8 +82223,8 @@ rule ELASTIC_Windows_Generic_Threat_7526F106 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1586-L1605" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1586-L1605" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5a297c446c27a8d851c444b6b32a346a7f9f5b5e783564742d39e90cd583e0f0" logic_hash = "a0f9eb760be05196f0c5c3e3bf250929b48341a58a11c24722978fa19c4a9f57" score = 75 @@ -81696,8 +82253,8 @@ rule ELASTIC_Windows_Generic_Threat_Cbe3313A : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1607-L1625" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1607-L1625" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1ca2a28c851070b9bfe1f7dd655f2ea10ececef49276c998a1d2a1b48f84cef3" logic_hash = "41a731cefe0c8ee95f1db598b68a8860ef7ff06137ce94d0dd0b5c60c4240e85" score = 75 
@@ -81725,8 +82282,8 @@ rule ELASTIC_Windows_Generic_Threat_779Cf969 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1627-L1645" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1627-L1645" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ef281230c248442c804f1930caba48f0ae6cef110665020139f826ab99bbf274" logic_hash = "ad0f2d78386abf4c6dc6b5a4a88b4dcf8e5bf8086b08bac91e5e00be9936e908" score = 75 @@ -81754,8 +82311,8 @@ rule ELASTIC_Windows_Generic_Threat_D568682A : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1647-L1665" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1647-L1665" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0d98bc52259e0625ec2f24078cf4ae3233e5be0ade8f97a80ca590a0f1418582" logic_hash = "97e172502037c7a5d66327fcc4a237e5548694fc7d73a535838ad56367f15d76" score = 75 
@@ -81783,8 +82340,8 @@ rule ELASTIC_Windows_Generic_Threat_Ccb6A7A2 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1667-L1686" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1667-L1686" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "60503212db3f27a4d68bbfc94048ffede04ad37c78a19c4fe428b50f27af7a0d" logic_hash = "312265bbc4330a463bbe7478c70233f5df3353bda3c450562f2414f3675ba91e" score = 75 @@ -81813,8 +82370,8 @@ rule ELASTIC_Windows_Generic_Threat_D62F1D01 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1688-L1706" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1688-L1706" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "380892397b86f47ec5e6ed1845317bf3fd9c00d01f516cedfe032c0549eef239" logic_hash = "fd65eb56f3a48c37f83d3544c039d29c231cac1e2f8f07d176d709432a75a4c3" score = 75 
@@ -81842,8 +82399,8 @@ rule ELASTIC_Windows_Generic_Threat_2Bb6F41D : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1708-L1728" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1708-L1728" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "afa060352346dda4807dffbcac75bf07e8800d87ff72971b65e9805fabef39c0" logic_hash = "7c4e62b69880eb8a901d7e94b7539786e8ac58808df07cb1cbe9ff45efce518e" score = 75 @@ -81873,8 +82430,8 @@ rule ELASTIC_Windows_Generic_Threat_C54Ed0Ed : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1730-L1747" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1730-L1747" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "f0f4878cb003371522ed1419984f15fd5049f1adeb8e051b8b51b31b0d620e96" score = 75 quality = 75 
@@ -81901,8 +82458,8 @@ rule ELASTIC_Windows_Generic_Threat_Dbe41439 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1749-L1767" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1749-L1767" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "64afd2bc6cec17402473a29b94325ae2e26989caf5a8b916dc21952149d71b00" logic_hash = "288cdc285d024f2b69847e0d49bd4dc1c86a2a6a24a7b4fb248071855ba39a38" score = 75 @@ -81930,8 +82487,8 @@ rule ELASTIC_Windows_Generic_Threat_51A52B44 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1769-L1787" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1769-L1787" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "303aafcc660baa803344bed6a3a7a5b150668f88a222c28182db588fc1e744e0" logic_hash = "aad1c350f43cf2e0512e085e1a04db6099c568e375423afb9518b1fb89801c21" score = 75 
@@ -81959,8 +82516,8 @@ rule ELASTIC_Windows_Generic_Threat_5C18A7F9 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1789-L1807" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1789-L1807" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fd272678098eae8f5ec8428cf25d2f1d8b65566c59e363d42c7ce9ffab90faaa" logic_hash = "05cea396567ed3e23907dec4e6e3a6629cd1044d9123cde0575a04b73bae6c20" score = 75 @@ -81988,8 +82545,8 @@ rule ELASTIC_Windows_Generic_Threat_Ab01Ba9E : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1809-L1829" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1809-L1829" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2b237716d0c0c9877f54b3fa03823068728dfe0710c5b05e9808eab365a1408e" logic_hash = "cc8d79950e21270938d2ea7e501c7c8fdbebe92767b48b46bb03c08c377e095b" score = 75 
@@ -82019,8 +82576,8 @@ rule ELASTIC_Windows_Generic_Threat_917D7645 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1831-L1849" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1831-L1849" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "19b54a20cfa74cbb0f4724155244b52ca854054a205be6d148f826fa008d6c55" logic_hash = "65748ff2e4448f305b9541ea9864cc6bda054d37be5ed34110a2f64c8fef30c7" score = 75 @@ -82048,8 +82605,8 @@ rule ELASTIC_Windows_Generic_Threat_7A09E97D : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1851-L1869" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1851-L1869" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c0c1e333e60547a90ec9d9dac3fc6698b088769bc0f5ec25883b2c4d1fd680a9" logic_hash = "b65b2d12901953c137687a7b466c78e0537a2830c37a4cb13dd0eda457bba937" score = 75 
@@ -82077,8 +82634,8 @@ rule ELASTIC_Windows_Generic_Threat_Dc4Ede3B : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1871-L1889" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1871-L1889" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c49f20c5b42c6d813e6364b1fcb68c1b63a2f7def85a3ddfc4e664c4e90f8798" logic_hash = "c402d5f16f2be32912d7a054b51ab6dafc6173bb5a267a7846b3ac9df1c4c19f" score = 75 @@ -82106,8 +82663,8 @@ rule ELASTIC_Windows_Generic_Threat_Bb480769 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1891-L1909" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1891-L1909" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "010e3aeb26533d418bb7d2fdcfb5ec21b36603b6abb63511be25a37f99635bce" logic_hash = "1087e0befceac2606ce5dc5f2b42b45ebad888e7d3e451c3fb89de7e932a31f5" score = 75 
@@ -82135,8 +82692,8 @@ rule ELASTIC_Windows_Generic_Threat_5Fbf5680 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1911-L1929" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1911-L1929" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1b0553a9873d4cda213f5464b5e98904163e347a49282db679394f70d4571e77" logic_hash = "ec5399f6fb29125cb4c096851b9194fa35fb1e5ddd1f4d4f07b155471ae5c619" score = 75 @@ -82164,8 +82721,8 @@ rule ELASTIC_Windows_Generic_Threat_Aa30A738 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1931-L1949" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1931-L1949" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "7726a691bd6c1ee51a9682e0087403a2c5a798ad172c1402acf2209c34092d18" logic_hash = "64967fbc0e74435452752731a8b9385345cc771d27ee33cd018cccdeb26bb75e" score = 75 
@@ -82193,8 +82750,8 @@ rule ELASTIC_Windows_Generic_Threat_2E3C2Ec5 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1951-L1969" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1951-L1969" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "91755a6831a4aa2d66fea9c3d6203b0ed3f1f58e0f4e1d1550aba4fe18895695" logic_hash = "51b76a28c1ca4485c73031259f6c40a5e213287acc9b09478dca68c6e258270e" score = 75 @@ -82222,8 +82779,8 @@ rule ELASTIC_Windows_Generic_Threat_9A8Dc290 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1971-L1989" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1971-L1989" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d951562a841f3706005d7696052d45397e3b4296d4cd96bf187920175fbb1676" logic_hash = "0097a13187b953ebe97809dda2be818cfcd94991c03e75f344e34a3d2c4fe902" score = 75 
@@ -82251,8 +82808,8 @@ rule ELASTIC_Windows_Generic_Threat_Bbf2A354 : FILE MEMORY
 date = "2024-01-22"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L1991-L2009"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L1991-L2009"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b4e6c748ad88070e39b53a9373946e9e404623326f710814bed439e5ea61fc3e"
 logic_hash = "6be2fae41199daea6b9d0394c9af7713543333a50620ef417bb8439d5a07f336"
 score = 75
@@ -82280,8 +82837,8 @@ rule ELASTIC_Windows_Generic_Threat_Da0F3Cbb : FILE MEMORY
 date = "2024-01-22"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2011-L2029"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2011-L2029"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b2c456d0051ffe1ca7e9de1e944692b10ed466eabb38242ea88e663a23157c58"
 logic_hash = "262d0bbb69adde8c4c8645813b048f3aaa2dbcc83996606e7ca21c3edea2b5d8"
 score = 75
@@ -82309,8 +82866,8 @@ rule ELASTIC_Windows_Generic_Threat_7D555B55 : FILE MEMORY
 date = "2024-01-22"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2031-L2049"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2031-L2049"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "7efa5c8fd55a20fbc3a270cf2329d4a38f10ca372f3428bee4c42279fbe6f9c3"
 logic_hash = "dc3a3622abbc7d0a02d8d9ed4446d0a72a603ecfd6594ecfa615e5418a9c9970"
 score = 75
@@ -82338,8 +82895,8 @@ rule ELASTIC_Windows_Generic_Threat_0A38C7D0 : FILE MEMORY
 date = "2024-01-22"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2051-L2069"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2051-L2069"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "69ea7d2ea3ed6826ddcefb3c1daa63d8ab53dc6e66c59cf5c2506a8af1c62ef4"
 logic_hash = "e3fde76825772683c57f830759168fc9a3b3f3387f091828fd971e9ebba06d8a"
 score = 75
@@ -82367,8 +82924,8 @@ rule ELASTIC_Windows_Generic_Threat_98527D90 : FILE MEMORY
 date = "2024-01-24"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2071-L2089"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2071-L2089"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "fa24e7c6777e89928afa2a0afb2fab4db854ed3887056b5a76aef42ae38c3c82"
 logic_hash = "5a93f0a372f3a51233c6b2334539017df922f35a0d5f7d1749e0dd79268cb836"
 score = 75
@@ -82396,8 +82953,8 @@ rule ELASTIC_Windows_Generic_Threat_Baba80Fb : FILE MEMORY
 date = "2024-01-24"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2091-L2109"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2091-L2109"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "dd22cb2318d66fa30702368a7f06e445fba4b69daf9c45f8e83562d2c170a073"
 logic_hash = "ba0da35bc00b776ae9b427e3a4b312b1b75bdc9b972fb52f26a5df6737f1ddc9"
 score = 75
@@ -82425,8 +82982,8 @@ rule ELASTIC_Windows_Generic_Threat_9F4A80B2 : FILE MEMORY
 date = "2024-01-24"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2111-L2129"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2111-L2129"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "47d57d00e2de43f33cd56ff653adb59b804e4dbe37304a5fa6a202ee20b50c24"
 logic_hash = "1df3b8245bc0e995443d598feb5fe2605e05df64b863d4f47c17ecbe8d28c3ea"
 score = 75
@@ -82454,8 +83011,8 @@ rule ELASTIC_Windows_Generic_Threat_39E1Eb4C : FILE MEMORY
 date = "2024-01-24"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2131-L2149"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2131-L2149"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "a733258bf04ffa058db95c8c908a79650400ebd92600b96dd28ceecac311f94a"
 logic_hash = "d7791ae7513bc5645bcfa93a2d7bf9f7ef47a6727ea2ba5eb85f3c8528761429"
 score = 75
@@ -82483,8 +83040,8 @@ rule ELASTIC_Windows_Generic_Threat_D51Dd31B : FILE MEMORY
 date = "2024-01-24"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2151-L2170"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2151-L2170"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "2a61c0305d82b6b4180c3d817c28286ab8ee56de44e171522bd07a60a1d8492d"
 logic_hash = "85fc7aa81489b304c348ead2d7042bb5518ff4579b1d3e837290032c4b144e47"
 score = 75
@@ -82513,8 +83070,8 @@ rule ELASTIC_Windows_Generic_Threat_3A321F0A : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2172-L2190"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2172-L2190"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "91056e8c53dc1e97c7feafab31f0943f150d89a0b0026bcfb3664d2e93ccfe2b"
 logic_hash = "83834dd7d4df5de4b6a032f1896f52c1ebdf16ca8ad9766e8872243f1a6da67e"
 score = 75
@@ -82542,8 +83099,8 @@ rule ELASTIC_Windows_Generic_Threat_A82F45A8 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2192-L2210"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2192-L2210"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "ad07428104d3aa7abec2fd86562eaa8600d3e4b0f8d78ba1446f340d10008b53"
 logic_hash = "70ebab6b03af38ef8c81664cf49ab07066a9672666599d99c91291a9d2e3af0b"
 score = 75
@@ -82571,8 +83128,8 @@ rule ELASTIC_Windows_Generic_Threat_D6625Ad7 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2212-L2230"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2212-L2230"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "878c9745320593573597d62c8f3adb3bef0b554cd51b18216f6d9f5d1a32a931"
 logic_hash = "e90aff7c35f60cc3446f9eeb2131edb7125bfa04eb8f90c5671d06e9ff269755"
 score = 75
@@ -82600,8 +83157,8 @@ rule ELASTIC_Windows_Generic_Threat_61Bbb571 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2232-L2250"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2232-L2250"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "41e2a6cecb1735e8f09b1ba5dccff3c08afe395b6214396e545347927d1815a8"
 logic_hash = "6b1ec666f3689638b9db9f041b0a89660b27c32590b747c5da3f4a02f01c7112"
 score = 75
@@ -82629,8 +83186,8 @@ rule ELASTIC_Windows_Generic_Threat_4A605E93 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2252-L2270"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2252-L2270"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "1a84e25505a54e8e308714b53123396df74df1bde223bb306c0dc6220c1f0bbb"
 logic_hash = "6ad7afa5bd03916917e2bbf4d736331f4319b20bfde296d7e62315584813699f"
 score = 75
@@ -82658,8 +83215,8 @@ rule ELASTIC_Windows_Generic_Threat_B509Dfc8 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2272-L2290"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2272-L2290"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "9b5124e5e1be30d3f2ad1020bbdb93e2ceeada4c4d36f71b2abbd728bd5292b8"
 logic_hash = "90b00caf612f56a898b24c28ae6febda3fd11f382ab1deba522bdd2e2ba254b4"
 score = 75
@@ -82687,8 +83244,8 @@ rule ELASTIC_Windows_Generic_Threat_7A49053E : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2292-L2312"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2292-L2312"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "29fb2b18cfd72a2966640ff59e67c89f93f83fc17afad2dfcacf9f53e9ea3446"
 logic_hash = "6db95f20a2bcdfd7cb37cb33dae6351dd19f51a8c3cae54b1bb034af17378094"
 score = 75
@@ -82718,8 +83275,8 @@ rule ELASTIC_Windows_Generic_Threat_Fca7F863 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2314-L2332"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2314-L2332"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "9d0e786dd8f1dc05eae910c6bcf15b5d05b4b6b0543618ca0c2ff3c4bb657af3"
 logic_hash = "ad45fe6e8257d012824b36aaee1beccb82c1b78031de86c1f1dd26d5be88aa6f"
 score = 75
@@ -82747,8 +83304,8 @@ rule ELASTIC_Windows_Generic_Threat_Cafbd6A3 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2334-L2353"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2334-L2353"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "97081a51aa016d0e6c9ecadc09ff858bf43364265a006db9d7cc133f8429bc46"
 logic_hash = "28813fc8a49b6ec3fe7675409fde923f0f30851429a526c142e0a228b4e0efa6"
 score = 75
@@ -82777,8 +83334,8 @@ rule ELASTIC_Windows_Generic_Threat_D8F834A9 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2355-L2373"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2355-L2373"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c118c2064a5839ebd57a67a7be731fffe89669a8f17c1fe678432d4ff85e7929"
 logic_hash = "9fa1a65f3290867e4c59f14242f7261741e792b8be48c053ac320a315f2c1beb"
 score = 75
@@ -82806,8 +83363,8 @@ rule ELASTIC_Windows_Generic_Threat_De3F91C6 : FILE MEMORY
 date = "2024-01-31"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2375-L2393"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2375-L2393"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "e2cd4a8ccbf4a3a93c1387c66d94e9506b5981357004929ce5a41fcedfffb20f"
 logic_hash = "032ac2adb11782d823f50bfedf4e4decb731dbe7d3abbb3b05ccff598ba7edb8"
 score = 75
@@ -82835,8 +83392,8 @@ rule ELASTIC_Windows_Generic_Threat_F0516E98 : FILE MEMORY
 date = "2024-01-31"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2395-L2414"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2395-L2414"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "21d01bd53f43aa54f22786d7776c7bc90320ec6f7a6501b168790be46ff69632"
 logic_hash = "28f5b1a05d90745f432aee6bb9da3855d70b18d556153059794c5e53bbd5117c"
 score = 75
@@ -82865,8 +83422,8 @@ rule ELASTIC_Windows_Generic_Threat_3C4D9Cbe : FILE MEMORY
 date = "2024-01-31"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2416-L2434"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2416-L2434"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "21d01bd53f43aa54f22786d7776c7bc90320ec6f7a6501b168790be46ff69632"
 logic_hash = "b32f9a3b86c60d4d69c59250ac59e93aee70ede890b059b13be999adbe043d2c"
 score = 75
@@ -82894,8 +83451,8 @@ rule ELASTIC_Windows_Generic_Threat_Deb82E8C : FILE MEMORY
 date = "2024-01-31"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2436-L2455"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2436-L2455"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "0f5791588a9898a3db29326785d31b52b524c3097370f6aa28564473d353cd38"
 logic_hash = "c24baecab39c72f6bb30713022297cb9fb41ef5339a353702f3f780a630d5b27"
 score = 75
@@ -82924,8 +83481,8 @@ rule ELASTIC_Windows_Generic_Threat_278C589E : FILE MEMORY
 date = "2024-01-31"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2457-L2475"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2457-L2475"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "cccc6c1bf15a7d5725981de950475e272c277bc3b9d266c5debf0fc698770355"
 logic_hash = "59bbbecd73541750f7221b12895ccf51e1a6863ceca62e23f541df904ad23587"
 score = 75
@@ -82953,8 +83510,8 @@ rule ELASTIC_Windows_Generic_Threat_6B621667 : FILE MEMORY
 date = "2024-01-31"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2477-L2495"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2477-L2495"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b50b39e460ecd7633a42f0856359088de20512c932fc35af6531ff48c9fa638a"
 logic_hash = "3574b7ef24c4387a9919ed9831af7657047b26d8922ab78788619bbd3d0edd56"
 score = 75
@@ -82982,8 +83539,8 @@ rule ELASTIC_Windows_Generic_Threat_C374Cd85 : FILE MEMORY
 date = "2024-01-31"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Generic_Threat.yar#L2497-L2515"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Generic_Threat.yar#L2497-L2515"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "1c677585a8b724332849c411ffe2563b2b753fd6699c210f0720352f52a6ab72"
 logic_hash = "8e183f780400f3bf9840798d53b431a4bf28bc43e07d69a3d614217e02f5dd79"
 score = 75
@@ -83011,8 +83568,8 @@ rule ELASTIC_Linux_Exploit_CVE_2021_3156_F3Fb10Cd : FILE CVE_2021_3156
 date = "2021-09-15"
 modified = "2021-09-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2021_3156.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2021_3156.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "65fb8baa5ec3bfb4473e4b2f565b461dd59989d43c72b1c5ec2e1a68baa8b51a"
 logic_hash = "cc80e0b2355877cd9ceecae19d4dcebb641d90a24c0751bf706134b31bf26750"
 score = 75
@@ -83041,8 +83598,8 @@ rule ELASTIC_Linux_Exploit_CVE_2021_3156_7F5672D0 : FILE CVE_2021_3156
 date = "2021-09-15"
 modified = "2021-09-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2021_3156.yar#L22-L45"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2021_3156.yar#L22-L45"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "1a4517d2582ac97b88ae568c23e75beba93daf8518bd3971985d6a798049fd61"
 logic_hash = "e25907f11a2f292441a96e19834ad89636593a3f8998ec0010e43830f5aa0c64"
 score = 75
@@ -83075,8 +83632,8 @@ rule ELASTIC_Windows_Trojan_Tofsee_26124Fe4 : FILE MEMORY
 date = "2022-03-31"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Tofsee.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Tofsee.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494"
 logic_hash = "e765953dec7c7b2a1fbebf92c2fff46453c8258722ad5ca92ba4c7526a8b0c66"
 score = 75
@@ -83096,6 +83653,50 @@ rule ELASTIC_Windows_Trojan_Tofsee_26124Fe4 : FILE MEMORY
 condition:
 any of them
 }
+rule ELASTIC_Windows_Trojan_Metastealer_F94E2464 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Trojan Metastealer (Windows.Trojan.MetaStealer)"
+ author = "Elastic Security"
+ id = "f94e2464-b41a-46fd-89c1-335aa8c14425"
+ date = "2024-03-27"
+ modified = "2024-05-08"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_MetaStealer.yar#L1-L34"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
+ hash = "14ca15c0751207103c38f1a2f8fdc73e5dd3d58772f6e5641e54e0c790ecd132"
+ logic_hash = "bf374bda2ca7c7bcec1ff092bbc9c3fd95c33faa78a6ea105a7b12b8e80a2e23"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "fb35feaf8e2d0994d022da1c8e872dc8b05b04e25ab6fed2ed1997267edfccd9"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $string1 = "AvailableLanguages" fullword
+ $string2 = "GetGraphicCards" fullword
+ $string3 = "GetVs" fullword
+ $string4 = "GetSerialNumber" fullword
+ $string5 = "net.tcp://" wide
+ $string6 = "AntivirusProduct|AntiSpyWareProduct|FirewallProduct" wide
+ $string7 = "wallet.dat" wide
+ $string8 = "[A-Za-z\\d]{24}\\.[\\w-]{6}\\.[\\w-]{27}" wide
+ $string9 = "Software\\Valve\\Steam" wide
+ $string10 = "{0}\\FileZilla\\recentservers.xml" wide
+ $string11 = "{0}\\FileZilla\\sitemanager.xml" wide
+ $string12 = "([a-zA-Z0-9]{1000,1500})" wide
+ $string13 = "\\qemu-ga.exe" wide
+ $string14 = "metaData" wide
+ $string15 = "%DSK_23%" wide
+ $string16 = "CollectMemory" fullword
+
+ condition:
+ all of them
+}
 rule ELASTIC_Linux_Generic_Threat_A658B75F : FILE MEMORY
 {
 meta:
@@ -83105,8 +83706,8 @@ rule ELASTIC_Linux_Generic_Threat_A658B75F : FILE MEMORY
 date = "2024-01-17"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "df430ab9f5084a3e62a6c97c6c6279f2461618f038832305057c51b441c648d9"
 logic_hash = "1ef7267438b8d15ed770f0784a7d428cbc2680144b0ef179337875d5b4038d08"
 score = 75
@@ -83135,8 +83736,8 @@ rule ELASTIC_Linux_Generic_Threat_Ea5Ade9A : FILE MEMORY
 date = "2024-01-17"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L22-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L22-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "d75189d883b739d9fe558637b1fab7f41e414937a8bae7a9d58347c223a1fcaa"
 logic_hash = "12a9b5e54d6d528ecb559b6e2ea3aa72effa7f0efbf2c33581a4efedc292e4c1"
 score = 75
@@ -83164,8 +83765,8 @@ rule ELASTIC_Linux_Generic_Threat_80Aea077 : FILE MEMORY
 date = "2024-01-17"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L42-L60"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L42-L60"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "002827c41bc93772cd2832bc08dfc413302b1a29008adbb6822343861b9818f0"
 logic_hash = "cab860ad5f0c49555adb845504acb4dbeabb94dbc287202be35020e055e6f27b"
 score = 75
@@ -83193,8 +83794,8 @@ rule ELASTIC_Linux_Generic_Threat_2E214A04 : FILE MEMORY
 date = "2024-01-17"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L62-L81"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L62-L81"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "cad65816cc1a83c131fad63a545a4bd0bdaa45ea8cf039cbc6191e3c9f19dead"
 logic_hash = "0d29aa6214b0a05f9af10cdc080ffa33452156e13c057f31997630cebcda294a"
 score = 75
@@ -83223,8 +83824,8 @@ rule ELASTIC_Linux_Generic_Threat_0B770605 : FILE MEMORY date = "2024-01-17" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L83-L102" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L83-L102" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "99418cbe1496d5cd4177a341e6121411bc1fab600d192a3c9772e8e6cd3c4e88" logic_hash = "d4aae755870765a119ee7ae648d4388e0786e8ab6f7f196d81c6356be7d0ddfb" score = 75 @@ -83253,8 +83854,8 @@ rule ELASTIC_Linux_Generic_Threat_92064B27 : FILE MEMORY date = "2024-01-17" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L104-L122" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L104-L122" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8e5cfcda52656a98105a48783b9362bad22f61bcb6a12a27207a08de826432d9" logic_hash = "adb9ed7280065f77440bd1e106bc800ebe6251119151cd54b76dc2917b013f65" score = 75 
@@ -83282,8 +83883,8 @@ rule ELASTIC_Linux_Generic_Threat_De6Be095 : FILE MEMORY date = "2024-01-17" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L124-L143" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L124-L143" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2431239d6e60ca24a5440e6c92da62b723a7e35c805f04db6b80f96c8cf9fee6" logic_hash = "cbd7578830169703b047adb1785b05d226f2507a65c203ee344d8e2b3a24f6c9" score = 75 @@ -83312,8 +83913,8 @@ rule ELASTIC_Linux_Generic_Threat_898D9308 : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L145-L164" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L145-L164" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ce89863a16787a6f39c25fd15ee48c4d196223668a264217f5d1cea31f8dc8ef" logic_hash = "8b5deedf18d660d0b76dc987843ff5cc01432536a04ab4925e9b08269fd847e4" score = 75 
@@ -83342,8 +83943,8 @@ rule ELASTIC_Linux_Generic_Threat_23D54A0E : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L166-L185" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L166-L185" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a2b54f789a1c4cbed13e0e2a5ab61e0ce5bb42d44fe52ad4b7dd3da610045257" logic_hash = "7e52eaf9c49bd6cbdb89b0c525b448864e1ea55d00bc052898613174fe5956cc" score = 75 @@ -83372,8 +83973,8 @@ rule ELASTIC_Linux_Generic_Threat_D7802B0A : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L187-L205" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L187-L205" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a2b54f789a1c4cbed13e0e2a5ab61e0ce5bb42d44fe52ad4b7dd3da610045257" logic_hash = "3e1452204fef11d63870af5f143ae73f4b8e5a4db83a53851444fbf8a0ea6a26" score = 75 
@@ -83401,8 +84002,8 @@ rule ELASTIC_Linux_Generic_Threat_08E4Ee8C : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L207-L225" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L207-L225" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "35eeba173fb481ac30c40c1659ccc129eae2d4d922e27cf071047698e8d95aea" logic_hash = "a927415afbab32adee49a583fc35bc3d44764f87bbbb3497b38af6feb92cd9a8" score = 75 @@ -83430,8 +84031,8 @@ rule ELASTIC_Linux_Generic_Threat_D60E5924 : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L227-L246" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L227-L246" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fdcc2366033541053a7c2994e1789f049e9e6579226478e2b420ebe8a7cebcd3" logic_hash = "012111e4a38c1f901dcd830cc26ef8dcfbde7986fcc8b8eebddb8d8b7a0cec6a" score = 75 
@@ -83460,8 +84061,8 @@ rule ELASTIC_Linux_Generic_Threat_6Bed4416 : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L248-L266" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L248-L266" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a2b54f789a1c4cbed13e0e2a5ab61e0ce5bb42d44fe52ad4b7dd3da610045257" logic_hash = "c098e27a12d5d10af67d1b78572bc7daeb500504527428366e1d9a4e55e0f4d7" score = 75 @@ -83489,8 +84090,8 @@ rule ELASTIC_Linux_Generic_Threat_Fc5B5B86 : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L268-L286" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L268-L286" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "134b063d9b5faed11c6db6848f800b63748ca81aeca46caa0a7c447d07a9cd9b" logic_hash = "a11ed323df7283188cf99ca89abbd18673fef88660df1150d4dc72de04a836a8" score = 75 
@@ -83518,8 +84119,8 @@ rule ELASTIC_Linux_Generic_Threat_2C8D824C : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L288-L306" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L288-L306" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9106bdd27e67d6eebfaec5b1482069285949de10afb28a538804ce64add88890" logic_hash = "c8fc90ec5e93ff39443f513e83f34140819a30b737da2a412ba97a7b221ca9dc" score = 75 @@ -83547,8 +84148,8 @@ rule ELASTIC_Linux_Generic_Threat_936B24D5 : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L308-L326" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L308-L326" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fb8eb0c876148a4199cc873b84fd9c1c6abc1341e02d118f72ffb0dae37592a4" logic_hash = "972bbc4950c49ff7bc880b1d24b586072eb8541584b97a00ac501fac133a3157" score = 75 
@@ -83576,8 +84177,8 @@ rule ELASTIC_Linux_Generic_Threat_98Bbca63 : FILE MEMORY date = "2024-01-22" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L328-L347" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L328-L347" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1d4d3d8e089dcca348bb4a5115ee2991575c70584dce674da13b738dd0d6ff98" logic_hash = "1728d47b3f364cff02ae61ccf381ecab0c1fe46a5c76d832731fdf7acc1caf55" score = 75 @@ -83606,8 +84207,8 @@ rule ELASTIC_Linux_Generic_Threat_9Aaf894F : FILE MEMORY date = "2024-01-22" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L349-L367" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L349-L367" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "467ac05956eec6c74217112721b3008186b2802af2cafed6d2038c79621bcb08" logic_hash = "b28d6a8c23aba4371e2e5f48861d2bcc8bdfa7212738eda7b1b4a3059d159cf2" score = 75 
@@ -83635,8 +84236,8 @@ rule ELASTIC_Linux_Generic_Threat_Ba3A047D : FILE MEMORY date = "2024-01-22" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L369-L388" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L369-L388" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3064e89f3585f7f5b69852f1502e34a8423edf5b7da89b93fb8bd0bef0a28b8b" logic_hash = "ffcfb90c0c796b7b343adbd2142193759ececddd0700c0bb4e2898947464b1a2" score = 75 @@ -83665,8 +84266,8 @@ rule ELASTIC_Linux_Generic_Threat_902Cfdc5 : FILE MEMORY date = "2024-01-23" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L390-L408" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L390-L408" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3fa5057e1be1cfeb73f6ebcdf84e00c37e9e09f1bec347d5424dd730a2124fa8" logic_hash = "0f86914cb598262744660e65048f75d071307ae47d069971bfcd049a7d4b36e5" score = 75 
@@ -83694,8 +84295,8 @@ rule ELASTIC_Linux_Generic_Threat_094C1238 : FILE MEMORY date = "2024-01-23" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L410-L428" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L410-L428" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2bfe7d51d59901af345ef06dafd8f0e950dcf8461922999670182bfc7082befd" logic_hash = "fb82e16bf153c88377cc8655557bc1f021af6e04e1160129ce9555e078d00a0d" score = 75 @@ -83723,8 +84324,8 @@ rule ELASTIC_Linux_Generic_Threat_A8Faf785 : FILE MEMORY date = "2024-01-23" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L430-L448" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L430-L448" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "6028562baf0a7dd27329c8926585007ba3e0648da25088204ebab2ac8f723e70" logic_hash = "3ab5d9ba39be2553173f6eb4d2a1ca22bfb9f1bd537fed247f273eba1eabd782" score = 75 
@@ -83752,8 +84353,8 @@ rule ELASTIC_Linux_Generic_Threat_04E8E4A5 : FILE MEMORY date = "2024-01-23" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L450-L468" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L450-L468" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "248f010f18962c8d1cc4587e6c8b683a120a1e838d091284ba141566a8a01b92" logic_hash = "9b04725bf0a75340c011028b201ed08eb9de305a5b4630cc79156c0a847cdc9e" score = 75 @@ -83781,8 +84382,8 @@ rule ELASTIC_Linux_Generic_Threat_47B147Ec : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L470-L488" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L470-L488" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "cc7734a10998a4878b8f0c362971243ea051ce6c1689444ba6e71aea297fb70d" logic_hash = "84c68f2ed76d644122daf81d41d4eb0be9aa8b1c82993464d3138ae30992110f" score = 75 
@@ -83810,8 +84411,8 @@ rule ELASTIC_Linux_Generic_Threat_887671E9 : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L490-L508" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L490-L508" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "701c7c75ed6a7aaf59f5a1f04192a1f7d49d73c1bd36453aed703ad5560606dc" logic_hash = "eefe9391a9ce716dbe16f11b8ccea89d032fdad42fcabd84ffe584409c550847" score = 75 @@ -83839,8 +84440,8 @@ rule ELASTIC_Linux_Generic_Threat_9Cf10F10 : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L510-L528" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L510-L528" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d07c9be37dc37f43a54c8249fe887dbc4058708f238ff3d95ed21f874cbb84e8" logic_hash = "ca4ae64b73fb7013008e8049d17479032d904a3faf5ad0f2ad079971a231a3b8" score = 75 
@@ -83868,8 +84469,8 @@ rule ELASTIC_Linux_Generic_Threat_75813Ab2 : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L530-L549" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L530-L549" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5819eb73254fd2a698eb71bd738cf3df7beb65e8fb5e866151e8135865e3fd9a" logic_hash = "06e5daed278273137e416ef3ee6ac8496b144a9c3ce213ec92881ba61d7db6cb" score = 75 @@ -83898,8 +84499,8 @@ rule ELASTIC_Linux_Generic_Threat_11041685 : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L551-L570" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L551-L570" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "296440107afb1c8c03e5efaf862f2e8cc6b5d2cf979f2c73ccac859d4b78865a" logic_hash = "19f4109e73981424527ece8c375274f97fd3042427b7875071451a8081a9aae7" score = 75 
@@ -83928,8 +84529,8 @@ rule ELASTIC_Linux_Generic_Threat_0D22F19C : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L572-L591" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L572-L591" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "da5a204af600e73184455d44aa6e01d82be8b480aa787b28a1df88bb281eb4db" logic_hash = "ee43796b0717717cb012385d5bb3aece433c11780f1a293d280c39411f9fed98" score = 75 @@ -83958,8 +84559,8 @@ rule ELASTIC_Linux_Generic_Threat_4A46B0E1 : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L593-L612" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L593-L612" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3ba47ba830ab8deebd9bb906ea45c7df1f7a281277b44d43c588c55c11eba34a" logic_hash = "e3f6804f502fad8c893fb4c3c27506b6ef17d7e0d0a01399c6d185bad92e895a" score = 75 
@@ -83988,8 +84589,8 @@ rule ELASTIC_Linux_Generic_Threat_0A02156C : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Generic_Threat.yar#L614-L633" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Generic_Threat.yar#L614-L633" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f23d4b1fd10e3cdd5499a12f426e72cdf0a098617e6b178401441f249836371e" logic_hash = "3ceea812f0252ec703a92482ce7a3ef0aa65bad149df2aa0107e07a45490b8f1" score = 75 @@ -84018,8 +84619,8 @@ rule ELASTIC_Linux_Exploit_Wuftpd_0991E62F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Wuftpd.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Wuftpd.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c0b6303300f38013840abe17abe192db6a99ace78c83bc7ef705f5c568bc98fd" logic_hash = "71ad26a182c7f16e7e0ad7f7afe0dcf1d38fe953dc0806341d7e21ee4acea87d" score = 75 
@@ -84047,8 +84648,8 @@ rule ELASTIC_Windows_Trojan_Garble_Eae7F2F7 : FILE MEMORY date = "2022-06-08" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Garble.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Garble.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4820a1ec99981e03675a86c4c01acba6838f04945b5f753770b3de4e253e1b8c" logic_hash = "5d88579b0f0f71b8b4310c141fb243f39696e158227da0a1e0140b030b783c65" score = 75 @@ -84076,8 +84677,8 @@ rule ELASTIC_Linux_Cryptominer_Ursu_3C05F8Ab : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Ursu.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Ursu.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d72361010184f5a48386860918052dbb8726d40e860ea0287994936702577956" logic_hash = "8261e4ee40131cd7df61914cd7bdf154e8a2b5fa3abd9d301436f9371253f510" score = 75 
@@ -84105,8 +84706,8 @@ rule ELASTIC_Windows_Trojan_Shadowpad_Be71209D : FILE MEMORY date = "2023-01-31" modified = "2023-02-01" reference = "https://www.elastic.co/security-labs/update-to-the-REF2924-intrusion-set-and-related-campaigns" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_ShadowPad.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_ShadowPad.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "452b08d6d2aa673fb6ccc4af6cebdcb12b5df8722f4d70d1c3491479e7b39c05" logic_hash = "24e035bbcd5d44877e6e582a995d0035ad26c53e832c34b0c8a3836cb1a11637" score = 75 @@ -84135,8 +84736,8 @@ rule ELASTIC_Windows_Trojan_Shadowpad_0D899241 : MEMORY date = "2023-01-31" modified = "2023-02-01" reference = "https://www.elastic.co/security-labs/update-to-the-REF2924-intrusion-set-and-related-campaigns" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_ShadowPad.yar#L23-L48" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_ShadowPad.yar#L23-L48" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "cb3a425565b854f7b892e6ebfb3734c92418c83cd590fc1ee9506bcf4d8e02ea" logic_hash = "57385e149c6419aed2dcd3ecbbe26d8598918395a6480dd5cdb799ce7328901a" score = 75 
@@ -84170,8 +84771,8 @@ rule ELASTIC_Windows_Ransomware_Ransomexx_Fabff49C : FILE MEMORY date = "2021-08-07" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Ransomexx.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Ransomexx.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "480af18104198ad3db1518501ee58f9c4aecd19dbbf2c5dd7694d1d87e9aeac7" logic_hash = "67d5123b706685ea5ab939aec31cb1549297778d91dd38b14e109945c52da71a" score = 75 @@ -84202,8 +84803,8 @@ rule ELASTIC_Linux_Trojan_Swrort_5Ad1A4F9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Swrort.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Swrort.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fa5695c355a6dc1f368a4b36a45e8f18958dacdbe0eac80c618fbec976bac8fe" logic_hash = "3a1fa978e0c8ab0dd4e7965a3f91306d6123c19f21b86d3f8088979bf58c3a07" score = 75 
@@ -84231,8 +84832,8 @@ rule ELASTIC_Linux_Trojan_Swrort_4Cb5B116 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Swrort.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Swrort.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "703c16d4fcc6f815f540d50d8408ea00b4cf8060cc5f6f3ba21be047e32758e0" logic_hash = "9404856fc3290f3a8f9bf891fde9a614fc4484719eb3b51ce7ab601a41e0c3a5" score = 75 @@ -84260,8 +84861,8 @@ rule ELASTIC_Linux_Trojan_Swrort_22C2D6B6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Swrort.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Swrort.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "6df073767f48dd79f98e60aa1079f3ab0b89e4f13eedc1af3c2c073e5e235bbc" logic_hash = "f661544d267a55feec786ab3d4fc4f002afa8e2b58833461f56b745ec65acfd4" score = 75 
@@ -84289,8 +84890,8 @@ rule ELASTIC_Linux_Virus_Rst_1214E2Ae : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Virus_Rst.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Virus_Rst.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b0e4f44d2456960bb6b20cb468c4ca1390338b83774b7af783c3d03e49eebe44"
 logic_hash = "82de4a97f414d591daba2d5d49b941ec4c51d6a6af36f97f062eaac5c74ebe30"
 score = 75
@@ -84318,8 +84919,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_17Ee6A17 : FILE MEMORY
 date = "2021-06-12"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_RedLineStealer.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_RedLineStealer.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "497bc53c1c75003fe4ae3199b0ff656c085f21dffa71d00d7a3a33abce1a3382"
 logic_hash = "0c868d0673c01e2c115d6822c34c877db77265251167f3a890a448a1de5c6a2d"
 score = 75
@@ -84355,8 +84956,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_F54632Eb : FILE MEMORY
 date = "2021-06-12"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_RedLineStealer.yar#L29-L56"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_RedLineStealer.yar#L29-L56"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25"
 logic_hash = "1779919556ee5c9a78342aabafb8408e035cb39632b25c54da6bf195894901dc"
 score = 75
@@ -84393,8 +84994,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_3D9371Fd : FILE MEMORY
 date = "2022-02-17"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_RedLineStealer.yar#L58-L82"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_RedLineStealer.yar#L58-L82"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a"
 logic_hash = "1c8a64ce7615f502602ab960638dd55f4deaeea3b49d894274d64d4d0b6a1d10"
 score = 75
@@ -84428,8 +85029,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_63E7E006 : FILE MEMORY
 date = "2023-05-01"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_RedLineStealer.yar#L84-L104"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_RedLineStealer.yar#L84-L104"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "e062c99dc9f3fa780ea9c6249fa4ef96bbe17fd1df38dbe11c664a10a92deece"
 logic_hash = "2085eaf622b52372124e9b23d19e3e4a7fdb7a4559ad9a09216c1cbae96ca5b6"
 score = 75
@@ -84459,8 +85060,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_F07B3Cb4 : FILE MEMORY
 date = "2023-05-03"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_RedLineStealer.yar#L106-L125"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_RedLineStealer.yar#L106-L125"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "5e491625475fc25c465fc7f6db98def189c15a133af7d0ac1ecbc8d887c4feb6"
 logic_hash = "64536e3b340254554154ac1b33adfb4f3c72a2c6c0d1ef27827621b905d431c5"
 score = 75
@@ -84489,8 +85090,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_4Df4Bcb6 : FILE MEMORY
 date = "2023-05-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_RedLineStealer.yar#L127-L145"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_RedLineStealer.yar#L127-L145"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "9389475bd26c1d3fd04a083557f2797d0ee89dfdd1f7de67775fcd19e61dfbb3"
 logic_hash = "d9027fa9c8d9c938159a734431bb2be67fd7cca1f898c2208f7b909157524da4"
 score = 75
@@ -84518,8 +85119,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_15Ee6903 : FILE MEMORY
 date = "2023-05-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_RedLineStealer.yar#L147-L166"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_RedLineStealer.yar#L147-L166"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "46b506cafb2460ca2969f69bcb0ee0af63b6d65e6b2a6249ef7faa21bde1a6bd"
 logic_hash = "22c8a1f4b5b94261cfabdbcc00e45b9437a0132d4e9d4543b734d4f303336696"
 score = 75
@@ -84548,8 +85149,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_6Dfafd7B : FILE MEMORY
 date = "2024-01-05"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_RedLineStealer.yar#L168-L186"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_RedLineStealer.yar#L168-L186"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "809e303ba26b894f006b8f2d3983ff697aef13b67c36957d98c56aae9afd8852"
 logic_hash = "888bc2fdfae8673cd6bce56fc9894b3cab6d7e3c384d854d6bc8aef47fdecf1c"
 score = 75
@@ -84568,6 +85169,37 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_6Dfafd7B : FILE MEMORY
 condition:
 all of them
 }
+rule ELASTIC_Windows_Trojan_Redlinestealer_983Cd7A7 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Trojan Redlinestealer (Windows.Trojan.RedLineStealer)"
+ author = "Elastic Security"
+ id = "983cd7a7-4e7b-413f-b859-b5cbfbf14ae6"
+ date = "2024-03-27"
+ modified = "2024-05-08"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_RedLineStealer.yar#L188-L208"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
+ hash = "7aa20c57b8815dd63c8ae951e1819c75b5d2deec5aae0597feec878272772f35"
+ logic_hash = "2104bad5ec42bc72ec611607a53086a85359bdb4bf084d7377e9a8e234b0e928"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "6dd74c3b67501506ee43340c07b53ddb94e919d27ad96f55eb4eff3de1470699"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $decrypt_config_bytes = { 72 ?? ?? ?? 70 80 ?? ?? ?? 04 72 ?? ?? ?? 70 80 ?? ?? ?? 04 72 ?? ?? ?? 70 80 ?? ?? ?? 04 72 ?? ?? ?? 70 80 ?? ?? ?? 04 [0-6] 2A }
+ $str1 = "net.tcp://" wide
+ $str2 = "\\Discord\\Local Storage\\leveldb" wide
+
+ condition:
+ all of them
+}
 rule ELASTIC_Macos_Trojan_Rustbucket_E64F7A92 : FILE MEMORY
 {
 meta:
@@ -84577,8 +85209,8 @@ rule ELASTIC_Macos_Trojan_Rustbucket_E64F7A92 : FILE MEMORY
 date = "2023-06-26"
 modified = "2023-06-29"
 reference = "https://www.elastic.co/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_RustBucket.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_RustBucket.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "9ca914b1cfa8c0ba021b9e00bda71f36cad132f27cf16bda6d937badee66c747"
 logic_hash = "bd6005d72faba6aaeebdcbd8c771995cbfc667faf01eb93825afe985954a47fc"
 score = 75
@@ -84608,8 +85240,8 @@ rule ELASTIC_Windows_Vulndriver_Dbutil_Ffe07C79 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_DBUtil.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_DBUtil.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "87e38e7aeaaaa96efe1a74f59fca8371de93544b7af22862eb0e574cec49c7c3"
 logic_hash = "18b1c93c395b105f446b4c968441e0a43e42b1bd7efcf6501a89eb92cbd21824"
 score = 75
@@ -84637,8 +85269,8 @@ rule ELASTIC_Windows_Vulndriver_Dbutil_852Ba283 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_DBUtil.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_DBUtil.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5"
 logic_hash = "78acd081c2517f9c53cb311481c0cc40cc3699b222afc290da1a3698e7bf75b7"
 score = 75
@@ -84666,8 +85298,8 @@ rule ELASTIC_Linux_Hacktool_Earthworm_4De7B584 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Earthworm.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Earthworm.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "9d61aabcf935121b4f7fc6b0d082d7d6c31cb43bf253a8603dd46435e66b7955"
 logic_hash = "019b2504df192e673f96a86464bb5e8ba5e89190e51bfe7d702753f76c00b979"
 score = 75
@@ -84695,8 +85327,8 @@ rule ELASTIC_Linux_Hacktool_Earthworm_E3Da43E2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Earthworm.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Earthworm.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "da0cffc4222d11825778fe4fa985fef2945caa0cc3b4de26af0a06509ebafb21"
 logic_hash = "b129b7060b6af4ff2aae2678a455b969579132891fba44e4fdc2481a5437bdf9"
 score = 60
@@ -84724,8 +85356,8 @@ rule ELASTIC_Linux_Hacktool_Earthworm_82D5C4Cf : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Earthworm.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Earthworm.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "dc412d4f2b0e9ca92063a47adfb0657507d3f2a54a415619db5a7ccb59afb204"
 logic_hash = "81f35293bd3dd0cfbbf67f036773e16625bb74e06320fa1fff5bc428ef2f3a43"
 score = 60
@@ -84753,8 +85385,8 @@ rule ELASTIC_Linux_Hacktool_Earthworm_4Ec2Ec63 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Earthworm.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Earthworm.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "dc412d4f2b0e9ca92063a47adfb0657507d3f2a54a415619db5a7ccb59afb204"
 logic_hash = "25f616c5440a48aef0f824cb6859e88787db4f42c1ec904a3d3bd72f3a64116e"
 score = 75
@@ -84782,8 +85414,8 @@ rule ELASTIC_Windows_Ransomware_Maui_266Dea64 : FILE MEMORY
 date = "2022-07-08"
 modified = "2022-07-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Maui.yar#L1-L29"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Maui.yar#L1-L29"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "5b7ecf7e9d0715f1122baf4ce745c5fcd769dee48150616753fec4d6da16e99e"
 logic_hash = "2094920615b6297adb222003d25a8d0934a89f24869e7e70644a4956021c7afc"
 score = 75
@@ -84821,8 +85453,8 @@ rule ELASTIC_Windows_Trojan_Darkgate_Fa1F1338 : FILE MEMORY
 date = "2023-12-14"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_DarkGate.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_DarkGate.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "1fce9ee9254dd0641387cc3b6ea5f6a60f4753132c20ca03ce4eed2aa1042876"
 logic_hash = "d5447a57fc57af52c263b84522346a3e94a464a698de8be77eab3b56156164f2"
 score = 75
@@ -84852,8 +85484,8 @@ rule ELASTIC_Windows_Trojan_Darkgate_07Ef6F14 : FILE MEMORY
 date = "2023-12-14"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_DarkGate.yar#L23-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_DarkGate.yar#L23-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "1fce9ee9254dd0641387cc3b6ea5f6a60f4753132c20ca03ce4eed2aa1042876"
 logic_hash = "2820286b362b107fc7fc3ec8f1a004a7d7926a84318f2943f58239f1f7e8f1f0"
 score = 75
@@ -84882,8 +85514,8 @@ rule ELASTIC_Windows_Hacktool_Capcom_7Abae448 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_Capcom.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_Capcom.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "da6ca1fb539f825ca0f012ed6976baf57ef9c70143b7a1e88b4650bf7a925e24"
 logic_hash = "88f25c479cc8970e05ef9d08143afbbbfa17322f34379ba571e3a09105b33ee0"
 score = 75
@@ -84912,8 +85544,8 @@ rule ELASTIC_Windows_Wiper_Doublezero_65Ec0C50 : FILE MEMORY
 date = "2022-03-22"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Wiper_DoubleZero.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Wiper_DoubleZero.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "3b2e708eaa4744c76a633391cf2c983f4a098b46436525619e5ea44e105355fe"
 logic_hash = "bce33817d99f71b9d087ea079ef8db08b496315b72cf9d1cf6f0b107a604e52c"
 score = 75
@@ -84945,8 +85577,8 @@ rule ELASTIC_Windows_Trojan_Diceloader_B32C6B99 : FILE MEMORY
 date = "2021-04-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Diceloader.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Diceloader.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "a3b3f56a61c6dc8ba2aa25bdd9bd7dc2c5a4602c2670431c5cbc59a76e2b4c54"
 logic_hash = "f9e023f340edc4c46b2926e750c2ad3a3798e34415e43c0ea2d83073e3dc526a"
 score = 75
@@ -84980,8 +85612,8 @@ rule ELASTIC_Windows_Trojan_Diceloader_15Eeb7B9 : FILE MEMORY
 date = "2021-04-23"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Diceloader.yar#L27-L46"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Diceloader.yar#L27-L46"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "a1202df600d11ad2c61050e7ba33701c22c2771b676f54edd1846ef418bea746"
 logic_hash = "f1ab9ad69f9ea75343c7404b82a3f7a4976a442b980a98fe5b95c55d4f9cb34e"
 score = 75
@@ -85010,8 +85642,8 @@ rule ELASTIC_Linux_Hacktool_Portscan_A40C7Ef0 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Portscan.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Portscan.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c389c42bac5d4261dbca50c848f22c701df4c9a2c5877dc01e2eaa81300bdc29"
 logic_hash = "6118ea86d628450e79ee658f4b95bae40080764a25240698d8ca7fcb7e6adaaf"
 score = 75
@@ -85039,8 +85671,8 @@ rule ELASTIC_Linux_Hacktool_Portscan_6C6000C2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Portscan.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Portscan.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "8877009fc8ee27ba3b35a7680b80d21c84ee7296bcabe1de51aeeafcc8978da7"
 logic_hash = "0cae81cbc0fdf48b4e7ac09865f05e2ad93d79b7a6f1af76a632727127ab050f"
 score = 75
@@ -85068,8 +85700,8 @@ rule ELASTIC_Linux_Hacktool_Portscan_E191222D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Portscan.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Portscan.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "e2f4313538c3ef23adbfc50f37451c318bfd1ffd0e5aaa346cce4cc37417f812"
 logic_hash = "6ffb2add4a76214ffd555cf1fe356371acd3638216094097b355670ecfe02ecd"
 score = 75
@@ -85097,8 +85729,8 @@ rule ELASTIC_Linux_Hacktool_Portscan_E57B0A0C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Portscan.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Portscan.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "f8ee385316b60ee551565876287c06d76ac5765f005ca584d1ca6da13a6eb619"
 logic_hash = "b2f67805e9381864591fdf61846284da97f8dd2f5c60484ce9c6e76d2f6f3872"
 score = 75
@@ -85126,8 +85758,8 @@ rule ELASTIC_Windows_Vulndriver_Iobitunlocker_Defb90Fd : FILE
 date = "2023-07-25"
 modified = "2023-07-25"
 reference = "https://theevilbit.github.io/posts/iobit_unlocker_lpe/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_IoBitUnlocker.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_IoBitUnlocker.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "0aff83f28d70f425539fee3d6a780210d0406264f8a4eb124e32b074e8ffd556"
 hash = "5ce1a8eac73ef1d0741f34d9fb2661da322117a63bffe60ccad092da89664c42"
 logic_hash = "4b0f440c66b7c9a193f0d6675c2a4246036ebc5c0c83856f45ec40a041e9cd07"
@@ -85160,8 +85792,8 @@ rule ELASTIC_Macos_Trojan_Generic_A829D361 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Generic.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Generic.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "5b2a1cd801ae68a890b40dbd1601cdfeb5085574637ae8658417d0975be8acb5"
 logic_hash = "70a954e8b44b1ce46f5ce0ebcf43b46e1292f0b8cdb46aa67f980d3c9b0a6f61"
 score = 75
@@ -85189,8 +85821,8 @@ rule ELASTIC_Windows_Trojan_Rudebird_3Cbf7Bc6 : FILE MEMORY
 date = "2023-05-09"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_RudeBird.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_RudeBird.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "2095c3b6bde779b5661c7796b5e33bb0c43facf791b272a603b786f889a06a95"
 score = 75
 quality = 75
@@ -85217,8 +85849,8 @@ rule ELASTIC_Linux_Exploit_Enoket_79B52A4C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Enoket.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Enoket.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "3ae8f7e7df62316400d0c5fe0139d7a48c9f184e92706b552aad3d827d3dbbbf"
 logic_hash = "204082a3be602b3f6aebb013a46e6f9c98b5dad2476350afa60c1954b13598fe"
 score = 75
@@ -85246,8 +85878,8 @@ rule ELASTIC_Linux_Exploit_Enoket_5969A348 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Enoket.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Enoket.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "4b4d7ca9e1ffa2c46cb097d4a014c59b1a9feb93b3adcb5936ef6a1dfef9b0ae"
 logic_hash = "e47af0fba86c9152d17911b984070a8419b98da8916538ebb1065a5348da6e31"
 score = 75
@@ -85275,8 +85907,8 @@ rule ELASTIC_Linux_Exploit_Enoket_80Fac3E9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Enoket.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Enoket.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "3355ad81c566914a7d7734b40c46ded0cfa53aa22c6e834d42e185bf8bbe6128"
 logic_hash = "19cb7f02ca80095293c4a09f7ea616c31364af1e4189a9211aaba54aaa2db14e"
 score = 75
@@ -85304,8 +85936,8 @@ rule ELASTIC_Linux_Exploit_Enoket_7Da5F86A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Enoket.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Enoket.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "406b003978d79d453d3e2c21b991b113bf2fc53ffbf3a1724c5b97a4903ef550" logic_hash = "df5769a87230f5e563849302f32673b5f5de2595e12de72c27921d45edc58928" score = 75 @@ -85333,8 +85965,8 @@ rule ELASTIC_Linux_Exploit_Enoket_C77C0D6D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Enoket.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Enoket.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3ae8f7e7df62316400d0c5fe0139d7a48c9f184e92706b552aad3d827d3dbbbf" logic_hash = "504d61715bd5dba7f777fcb2d62eb53d8d54dad2dcf93f2fc2d7dcd359c4b994" score = 75 
@@ -85362,8 +85994,8 @@ rule ELASTIC_Linux_Exploit_Enoket_Fbf508E1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Enoket.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Enoket.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d1fa8520d3c3811d29c3d5702e7e0e7296b3faef0553835c495223a2bc015214" logic_hash = "21b1d69677c3fddb210dcf5947e8321abccd5a1ebbde8438a83fee5d4b29443d" score = 75 @@ -85391,8 +86023,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_01365E46 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5c450d4be39caef1d9ec943f5dfeb6517047175fec166a52970c08cd1558e172" logic_hash = "4d61de2cb37e12f62326c1717f6ed44554f5d2aa7ede6033d0c988e5e64df54d" score = 75 
@@ -85420,8 +86052,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_06Fd4Ac4 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "bde387f1e22d1399fb99f6d41732a37635d8e90f29626f2995914a073a7cac89" score = 75 quality = 75 @@ -85449,8 +86081,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Ce4305D1 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L41-L58" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L41-L58" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "c547114475383e5d84f6b8cb72585ddd5778ae3afa491deddeef8a5ec56be1b5" score = 75 quality = 75 
@@ -85477,8 +86109,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_1E56Fad7 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L60-L77" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L60-L77" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "815b37804f79fb4607e6b84294882d818233c3df13aececb3d341244900a2e44" score = 75 quality = 75 @@ -85505,8 +86137,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_93C9A2A4 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L79-L96" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L79-L96" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "dadeeba6147b118b80e014ab067eac7a2c3c2990958a6c7016562d8b64fef53c" score = 75 quality = 75 
@@ -85533,8 +86165,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_5340Afa3 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L98-L115" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L98-L115" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "8b9d3c978f0c4a04ee5b3446b990172206b17496036bc1cc04180ea7e9b99734" score = 75 quality = 75 @@ -85561,8 +86193,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_E7932501 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L117-L134" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L117-L134" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "f82704a408a0cf1def2a5926dc4c02fa56afea1422c88ba41af50d44c60edb07" score = 75 quality = 75 
@@ -85589,8 +86221,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Cd0868D5 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L136-L153" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L136-L153" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "053a99e5e722fd2aa1cae96266cc344954f9c3a12d0851fa9d5e95a6420651f4" score = 75 quality = 75 @@ -85617,8 +86249,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_515504E2 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L155-L172" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L155-L172" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "5410068e09de4a1283f98f6364ddf243373e228ba060b00699db6323f1167684" score = 75 quality = 75 
@@ -85645,8 +86277,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_A0Fc8F35 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L174-L191" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L174-L191" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "7ab2b45ddfc1d7fa409a6ea3dfd8d4940e1bdf3fc0cb6c7e8d49c60e7bda5b1b" score = 75 quality = 75 @@ -85673,8 +86305,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Cb95Dc06 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L193-L210" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L193-L210" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "563b2311d37ace2d09601a70325352db3fcbf135e7ce518965f5410081b5d626" score = 75 quality = 75 
@@ -85701,8 +86333,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_9D4D3Fa4 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L212-L229" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L212-L229" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "7c3c9917a95248fd990b6947a0304ded473bf1bcceec8f4498a7955e879d348b" score = 75 quality = 75 @@ -85729,8 +86361,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_34F00046 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L231-L248" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L231-L248" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "f9d646645d6726e3aac5cc3eaea9edf1c89c7e743aff7cfa73998a72f3446711" score = 75 quality = 75 
@@ -85757,8 +86389,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_F2A18B09 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L250-L267" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L250-L267" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "c4c4b0b1df1e8fde87284fb27d46e917c47b479a675fec60faeca6185511907d" score = 75 quality = 75 @@ -85785,8 +86417,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_D916Ae65 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L269-L286" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L269-L286" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "e0aafe498cd9f0e8addfef78027943a754ca797aafae0cb40f1c6425de501339" score = 75 quality = 75 
@@ -85813,8 +86445,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_52722678 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L288-L305" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L288-L305" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "6340171fdde68b32de480f1f410aa4c491a8fffa7c1f699bf5fa72a12ecb77b8" score = 75 quality = 75 @@ -85841,8 +86473,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_28A60148 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L307-L324" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L307-L324" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "20a26ed3f0da3a77867597494bf0069a2093ec19b1c5e179c0e7934c1b69d4b9" score = 75 quality = 75 
@@ -85869,8 +86501,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_997B25A0 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L326-L343" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L326-L343" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "ca688086c4628c64c32a99083d620bcb5373e3100d154331451a3e9f86081aca" score = 75 quality = 75 @@ -85897,8 +86529,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_B17B33A1 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L345-L362" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L345-L362" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "7fa69674d1e985bafe310597f23ae80113136768141f0a1931baf88b2509e6ef" score = 75 quality = 75 
@@ -85925,8 +86557,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_23D77Ae5 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L364-L396" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L364-L396" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "844974a2d3266e1f9ba275520c0e8a5d176df69a0ccd5135b99facf798a5d209" logic_hash = "e5f5cf854ebd0e25fffbd6796217f22223a06937e1cacb33baa105ac41731256" score = 75 @@ -85968,8 +86600,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_5574Be7D : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L398-L432" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L398-L432" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8c5c0d27153f60ef8aec57def2f88e3d5f9a7385b5e8b8177bab55fa7fac7b18" logic_hash = "ed0fc98c5d628ce38b923e1410eaf7a4a65ecffea42bed35314e30c99a52219b" score = 75 
@@ -86013,8 +86645,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_1473F0B4 : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L434-L459" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L434-L459" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9cfb441eb5c60ab1c90b58d4878543ee554ada2cceee98d6b867e73490d30fec" logic_hash = "dc13625e58c029c60b8670f8e63cd7786bf3e9705c462f3cbbf5b39e7c02f9a1" score = 75 @@ -86049,8 +86681,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Dcf25Dde : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L461-L502" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L461-L502" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ba2a255671d33677cab8d93531eb25c0b1f1ac3e3085b95365a017463662d787" logic_hash = "64d15d92faf0919a8fa1ce6772750cde47eaa24b09cf4243393777334bad9712" score = 75 
@@ -86101,8 +86733,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_46Dc12Dd : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L504-L528" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L504-L528" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "bf38a787aee5afdcab00b95ccdf036bc7f91f07151b4444b54165bb70d649ce5" logic_hash = "e01209a83f4743cbad7dda01595c053277868bd47208e48214b557ae339b5b3c" score = 50 @@ -86136,8 +86768,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_78A26074 : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L530-L564" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L530-L564" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8cd75fa8650ebcf0a6200283e474a081cc0be57307e54909ee15f4d04621dde0" logic_hash = "3837c22f7f9d55f03cb0bc1336798f0e2a91549c187b9f5136491cbafd26ce6e" score = 75 
@@ -86181,8 +86813,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_217B9C97 : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L566-L601" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L566-L601" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1e90a73793017720c9a020069ed1c87879174c19c3b619e5b78db8220a63e9b7" logic_hash = "9b2b8a8154d4aba06029fd35d896331449f7baa961f183fb0cb47e890610ff99" score = 75 @@ -86227,8 +86859,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_D2110921 : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L603-L632" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L603-L632" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "05ef40f7745db836de735ac73d6101406e1d9e58c6b5f5322254eb75b98d236a" logic_hash = "39ef17836f29c358f596e0047d582b5f1d1af523c8f6354ac8a783eda9969554" score = 75 
@@ -86267,8 +86899,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_0114D469 : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L634-L667" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L634-L667" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "083cb35a7064aa5589efc544ac1ed1b04ec0f89f0e60383fcb1b02b63f4117e9" logic_hash = "6ca8e73f758d3fa956fe53cc83abb43806359f93df05c42a58e2f394a1a3c117" score = 75 @@ -86311,8 +86943,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_07239Dad : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L669-L703" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L669-L703" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "dbd534f2b5739f89e99782563062169289f23aa335639a9552173bedc98bb834" logic_hash = "231592d1a45798de6d22c922626ca28ef4019bae95d552a0f2822823d8dec384" score = 75 
@@ -86356,8 +86988,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Fd7A39Af : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L705-L739" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L705-L739" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d5bb8d94b71d475b5eb9bb4235a428563f4104ea49f11ef02c8a08d2e859fd68" logic_hash = "15cb286504e6167c78e194488555f565965a03e7714fe16692a115df26985a01" score = 75 @@ -86401,8 +87033,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_2D89E9Cd : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L741-L785" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L741-L785" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3963649ebfabe8f6277190be4300ecdb68d4b497ac5f81f38231d3e6c862a0a8" logic_hash = "c15833687c2aed55aae0bb5de83c088cb66edeb4ad1964543522f5477c1f1942" score = 75 
@@ -86456,8 +87088,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_32930807 : FILE MEMORY date = "2021-03-30" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L787-L808" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L787-L808" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e999b83629355ec7ff3b6fda465ef53ce6992c9327344fbf124f7eb37808389d" logic_hash = "e98503696bd72cab4d0d1633991bdb87c0537fd1e2d95507ccd474125328f318" score = 75 @@ -86488,8 +87120,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_618B27D2 : FILE MEMORY date = "2021-03-30" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L810-L843" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L810-L843" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d3ec8f4a46b21fb189fc3d58f3d87bf9897653ecdf90b7952dcc71f3b4023b4e" logic_hash = "e66a9dd7efdbff8b9e30119d0e99187e3dfa4ca1c1bc1ade0f8f1003d10e2620" score = 75 
@@ -86532,8 +87164,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_6Eb31E7B : FILE MEMORY date = "2021-03-30" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L845-L872" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L845-L872" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3e3d82ea4764b117b71119e7c2eecf46b7c2126617eafccdfc6e96e13da973b1" logic_hash = "5b6902c8644c79bd183725f0e41bf2f7ae425bf0eb1dddea6fd1a38b77f176ba" score = 75 @@ -86570,8 +87202,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_91516Cf4 : FILE MEMORY date = "2021-03-30" modified = "2021-08-31" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L874-L896" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L874-L896" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "6cd0d4666553fd7184895502d48c960294307d57be722ebb2188b004fc1a8066" logic_hash = "6c0bdd6827bebb337c0012cdb6e931cd96ce2ad61f3764f288b96ff049b2d007" score = 75 
@@ -86603,8 +87235,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Be718Af9 : FILE MEMORY date = "2021-03-30" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L898-L921" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L898-L921" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c1f1bc58456cff7413d7234e348d47a8acfdc9d019ae7a4aba1afc1b3ed55ffa" logic_hash = "d020f7d1637fc4ee3246e97c9acae0be1782e688154bd109f53f807211beebd7" score = 75 @@ -86637,8 +87269,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_F8Dac4Bc : FILE MEMORY date = "2021-03-30" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L923-L954" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L923-L954" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "13d102d546b9384f944f2a520ba32fb5606182bed45a8bba681e4374d7e5e322" logic_hash = "d4536aac0ee402abcb87826e45c892d6f39562bc1e39b72ae8880dc077f230d9" score = 75 
@@ -86679,8 +87311,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_9C0Fa8Fe : FILE MEMORY date = "2021-07-13" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Trickbot.yar#L956-L974" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Trickbot.yar#L956-L974" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f528c3ea7138df7c661d88fafe56d118b6ee1d639868212378232ca09dc9bfad" logic_hash = "23aebc3139c34ecd609db7920fa0d5e194173409e1862555e4c468dad6c46299" score = 75 @@ -86708,8 +87340,8 @@ rule ELASTIC_Windows_Trojan_Flawedgrace_8C5Eb04B : FILE MEMORY date = "2023-11-01" modified = "2023-11-02" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_FlawedGrace.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_FlawedGrace.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "966112f3143d751a95c000a990709572ac8b49b23c0e57b2691955d6fda1016e" logic_hash = "dc07197cb9a02ff8d271f78756c2784c74d09e530af20377a584dbfe77e973aa" score = 75 
@@ -86741,8 +87373,8 @@ rule ELASTIC_Windows_Vulndriver_Echodrv_D17Ff31C : FILE date = "2023-10-31" modified = "2023-11-03" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_EchoDrv.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_EchoDrv.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ea3c5569405ed02ec24298534a983bcb5de113c18bc3fd01a4dd0b5839cd17b9" logic_hash = "0b2eb3c5da8703749ee63662495d6e8738ccdc353f3ac3df48e25a77312c0da0" score = 75 @@ -86770,8 +87402,8 @@ rule ELASTIC_Linux_Webshell_Generic_E80Ff633 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Webshell_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Webshell_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "7640ba6f2417931ef901044152d5bfe1b266219d13b5983d92ddbdf644de5818" logic_hash = "d345e6ce3e51ed55064aafb1709e9bee7ef2ce87ec80165ac1b58eebd83cefee" score = 75 
@@ -86799,8 +87431,8 @@ rule ELASTIC_Linux_Webshell_Generic_41A5Fa40 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "18ac7fbc3d8d3bb8581139a20a7fee8ea5b7fcfea4a9373e3d22c71bae3c9de0" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Webshell_Generic.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Webshell_Generic.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "574148bc58626aac00add1989c65ad56315c7e2a8d27c7b96be404d831a7a576" score = 75 quality = 73 @@ -86827,8 +87459,8 @@ rule ELASTIC_Linux_Exploit_CVE_2021_4034_1C8F235D : FILE CVE_2021_4034 date = "2022-01-26" modified = "2022-07-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2021_4034.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2021_4034.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "94052c42aa41d0911e4b425dcfd6b829cec8f673bf1245af4050ef9c257f6c4b" logic_hash = "217df6687076a715712a053672d7b02567a3ee38ce9c0ccf80d23fcfde35592a" score = 75 
@@ -86857,8 +87489,8 @@ rule ELASTIC_Windows_Ransomware_Crytox_29859242 : FILE MEMORY date = "2024-01-18" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Crytox.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Crytox.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "55a27cb6280f31c077987d338151b13e9dc0cc1c14d47a32e64de6d6c1a6a742" logic_hash = "47ca96e14b2b56bc6ef1ed22b42adac7aa557170632c2dc085fae3baf6198f40" score = 75 @@ -86886,8 +87518,8 @@ rule ELASTIC_Windows_Vulndriver_Llaccess_C57534E8 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_LLAccess.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_LLAccess.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "000547560fea0dd4b477eb28bf781ea67bf83c748945ce8923f90fdd14eb7a4b" logic_hash = "8bf629fd2ce0b1f15c7aacd573659b649dcf968556232683b29d68b27d12e577" score = 75 
@@ -86917,8 +87549,8 @@ rule ELASTIC_Windows_Trojan_Generic_A681F24A : FILE MEMORY date = "2021-06-10" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Generic.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Generic.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa" logic_hash = "72bfefc8f92dbe65d197e02bf896315dcbc54d7b68d0434f43de026ccf934f40" score = 75 @@ -86948,8 +87580,8 @@ rule ELASTIC_Windows_Trojan_Generic_Ae824B13 : REF1296 FILE MEMORY date = "2022-02-03" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Generic.yar#L23-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Generic.yar#L23-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "cee46c1efdaa1815606f932a4f79b316e02c1b481e73c4c2f8b7c72023e8684c" score = 75 quality = 67 
@@ -86979,8 +87611,8 @@ rule ELASTIC_Windows_Trojan_Generic_Eb47E754 : REF1296 FILE MEMORY date = "2022-02-03" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Generic.yar#L45-L65" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Generic.yar#L45-L65" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "1d96e813ed0261bd0d7caca2803ed8d5fe4d77ea00efc9130eef86aa872c4656" score = 75 quality = 67 @@ -87010,8 +87642,8 @@ rule ELASTIC_Windows_Trojan_Generic_C7Fd8D38 : FILE MEMORY date = "2022-02-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Generic.yar#L67-L89" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Generic.yar#L67-L89" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a1702ec12c2bf4a52e11fbdab6156358084ad2c662c8b3691918ef7eabacde96" logic_hash = "81c56cd741692a7f2a894c2b8f2676aad47f14221228b9466a2ab0f05d76c623" score = 75 
@@ -87043,8 +87675,8 @@ rule ELASTIC_Windows_Trojan_Generic_Bbe6C282 : FILE MEMORY date = "2022-03-02" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Generic.yar#L91-L109" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Generic.yar#L91-L109" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a44c46d4b9cf1254aaabd1e689f84c4d2c3dd213597f827acabface03a1ae6d1" logic_hash = "fe874d69ae71775cf997845c90e731479569e2ac1ac882a4b8c3c73d015b1f30" score = 75 @@ -87072,8 +87704,8 @@ rule ELASTIC_Windows_Trojan_Generic_889B1248 : FILE MEMORY date = "2022-03-11" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Generic.yar#L111-L132" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Generic.yar#L111-L132" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a48d57a139c7e3efa0c47f8699e2cf6159dc8cdd823b16ce36257eb8c9d14d53" logic_hash = "b3bb93b95377d6c6606d29671395b78c0954cc47d5cc450436799638d0458469" score = 75 
@@ -87104,8 +87736,8 @@ rule ELASTIC_Windows_Trojan_Generic_02A87A20 : FILE MEMORY date = "2022-03-04" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Generic.yar#L134-L152" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Generic.yar#L134-L152" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033" logic_hash = "610db1b429ed2ecfc552f73ed4782cb56254e6fc98b728ffeff6938fbcce9616" score = 75 @@ -87133,8 +87765,8 @@ rule ELASTIC_Windows_Trojan_Generic_4Fbff084 : FILE MEMORY date = "2023-02-28" modified = "2023-04-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Generic.yar#L154-L175" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Generic.yar#L154-L175" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "7010a69ba77e65e70f4f3f4a10af804e6932c2218ff4abd5f81240026822b401" logic_hash = "47d1a01e0edee3239d99ff1f32eb4cfc77d6e38823fed799a562e142d3d3a22d" score = 75 
@@ -87165,8 +87797,8 @@ rule ELASTIC_Windows_Trojan_Generic_73Ed7375 : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Generic.yar#L177-L196" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Generic.yar#L177-L196" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2b17328a3ef0e389419c9c86f81db4118cf79640799e5c6fdc97de0fc65ad556" logic_hash = "7e27c9377d0b2058a2a36da4ac7d37a54c566f3246e69aa356171edae6b478c5" score = 75 @@ -87195,8 +87827,8 @@ rule ELASTIC_Windows_Trojan_Generic_96Cdf3C4 : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Generic.yar#L198-L217" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Generic.yar#L198-L217" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9a4d68de36f1706a3083de7eb41f839d8c7a4b8b585cc767353df12866a48c81" logic_hash = "f92e5549aca320d71e1eec8daa82e8bbf3517c7f23f376bb355fdfa32da2e7a9" score = 75 
@@ -87225,8 +87857,8 @@ rule ELASTIC_Windows_Trojan_Generic_F0C79978 : FILE MEMORY date = "2023-07-27" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Generic.yar#L219-L238" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Generic.yar#L219-L238" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8f800b35bfbc8474f64b76199b846fe56b24a3ffd8c7529b92ff98a450d3bd38" logic_hash = "b16971ed0947660dda8d79c11531a9498a80e00f2dbc2c0eb63895b7f5c5f980" score = 75 @@ -87255,8 +87887,8 @@ rule ELASTIC_Windows_Trojan_Generic_40899C85 : FILE MEMORY date = "2023-12-15" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Generic.yar#L240-L260" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Generic.yar#L240-L260" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "88eb4f2e7085947bfbd03c69573fdca0de4a74bab844f09ecfcf88e358af20cc" logic_hash = "317034add0343baa26548712de8b2acc04946385fbee048cea0bd8d7ae642b36" score = 75 
@@ -87286,8 +87918,8 @@ rule ELASTIC_Windows_Trojan_Generic_9997489C : FILE MEMORY date = "2024-01-31" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Generic.yar#L262-L290" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Generic.yar#L262-L290" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "857bbf64ced06f76eb50afbfbb699c62e11625196213c2e5267b828cca911b74" score = 75 quality = 75 @@ -87325,8 +87957,8 @@ rule ELASTIC_Windows_Trojan_Generic_2993E5A5 : FILE MEMORY date = "2024-03-18" modified = "2024-03-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Generic.yar#L292-L310" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Generic.yar#L292-L310" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9f9b926cef69e879462d9fa914dda8c60a01f3d409b55afb68c3fb94bf1a339b" logic_hash = "37a10597d1afeb9411f6c652537186628291cbe6af680abe12bb96591add7e78" score = 75 
@@ -87354,8 +87986,8 @@ rule ELASTIC_Windows_Trojan_Generic_0E135D58 : FILE MEMORY date = "2024-03-19" modified = "2024-03-19" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Generic.yar#L312-L330" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Generic.yar#L312-L330" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c" logic_hash = "bc10218b1d761f72836bb5f9bb41d3f0fe13c4baa1109025269f938ec642aec4" score = 75 @@ -87383,8 +88015,8 @@ rule ELASTIC_Windows_Vulndriver_Elby_65B09743 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Elby.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Elby.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "eea53103e7a5a55dc1df79797395a2a3e96123ebd71cdd2db4b1be80e7b3f02b" logic_hash = "7c7438520b238daf38d4ac91cbdee48bbfa9c85bd76208a436ce59edcfcecb80" score = 75 
@@ -87414,8 +88046,8 @@ rule ELASTIC_Windows_Trojan_Pony_D5516Fe8 : FILE MEMORY date = "2021-08-14" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Pony.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Pony.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567" logic_hash = "4a850d32fb28477e7e3fef2dda6ba327b800e2ebcae1a483970cde78f34a4ff7" score = 75 @@ -87449,8 +88081,8 @@ rule ELASTIC_Linux_Hacktool_Cleanlog_C2907D77 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Cleanlog.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Cleanlog.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "613ac236130ab1654f051d6f0661fa62414f3bef036ea4cc585b4b21a4bb9d2b" logic_hash = "39b72973bbcddf14604b8ea08339657cba317c23fd4d69d4aa0903b262397988" score = 75 
@@ -87478,8 +88110,8 @@ rule ELASTIC_Linux_Hacktool_Cleanlog_3Eb725D1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Cleanlog.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Cleanlog.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4df4ebcc61ab2cdb8e5112eeb4e2f29e4e841048de43d7426b1ec11afe175bf6" logic_hash = "a9530aca53d935f3e77a5f0fc332db16e3a2832be67c067e5a6d18e7ec00e39f" score = 75 @@ -87507,8 +88139,8 @@ rule ELASTIC_Linux_Hacktool_Cleanlog_400B7595 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Cleanlog.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Cleanlog.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4df4ebcc61ab2cdb8e5112eeb4e2f29e4e841048de43d7426b1ec11afe175bf6" logic_hash = "e36acf708875efda88143124e11fef5b0e2f99d17b0c49344db969cf0d454db1" score = 75 
@@ -87536,8 +88168,8 @@ rule ELASTIC_Windows_Vulndriver_ATSZIO_E22Cc429 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_ATSZIO.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_ATSZIO.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "01e024cb14b34b6d525c642a710bfa14497ea20fd287c39ba404b10a8b143ece" logic_hash = "e3f057d5a5c47a1f3b4d50e2ad0ebb3a4ffe0efe513a0d375f827fadb3328d80" score = 75 @@ -87566,8 +88198,8 @@ rule ELASTIC_Windows_Trojan_Svcready_Af498D39 : FILE MEMORY date = "2022-06-12" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_SVCReady.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_SVCReady.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "08e427c92010a8a282c894cf5a77a874e09c08e283a66f1905c131871cc4d273" logic_hash = "e3520103064cf82cd1747f8889667929d23466c9febfda7e4968a3679db97d71" score = 75 
@@ -87599,8 +88231,8 @@ rule ELASTIC_Windows_Vulndriver_Speedfan_9B590Eee : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Speedfan.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Speedfan.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "22be050955347661685a4343c51f11c7811674e030386d2264cd12ecbf544b7c" logic_hash = "6f75c0e6b89dd1ceb85c73b7e51fd261ca2804e14a5f8ed6ce3352b3f1bcdfe4" score = 75 @@ -87629,8 +88261,8 @@ rule ELASTIC_Windows_Trojan_Suddenicon_99487621 : FILE MEMORY date = "2023-03-29" modified = "2023-03-30" reference = "https://www.elastic.co/security-labs/elastic-users-protected-from-suddenicon-supply-chain-attack" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_SuddenIcon.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_SuddenIcon.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "aa4e398b3bd8645016d8090ffc77d15f926a8e69258642191deb4e68688ff973" logic_hash = "9a441c47e8b95d8aaec6f495d6ddfec2ed6b0762637ea48e64c9ea01b0945019" score = 75 
@@ -87664,8 +88296,8 @@ rule ELASTIC_Windows_Trojan_Suddenicon_8B07C275 : FILE MEMORY date = "2023-03-29" modified = "2023-03-30" reference = "https://www.elastic.co/security-labs/elastic-users-protected-from-suddenicon-supply-chain-attack" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_SuddenIcon.yar#L28-L48" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_SuddenIcon.yar#L28-L48" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "aa4e398b3bd8645016d8090ffc77d15f926a8e69258642191deb4e68688ff973" logic_hash = "64e8bd8929c9fb8cae16f772e3266b02b4ddec770ff8d5379a93a483eb8ff660" score = 75 @@ -87694,8 +88326,8 @@ rule ELASTIC_Windows_Trojan_Suddenicon_Ac021Ae0 : FILE MEMORY date = "2023-03-30" modified = "2023-03-30" reference = "https://www.elastic.co/security-labs/elastic-users-protected-from-suddenicon-supply-chain-attack" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_SuddenIcon.yar#L50-L76" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_SuddenIcon.yar#L50-L76" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "033eabdd8ce8ecc4e1a657161c1f298c7dfe536ee2dbf9375cfda894638a7bee" score = 75 quality = 75 
@@ -87730,8 +88362,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_59E029C3 : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_BPFDoor.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_BPFDoor.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "144526d30ae747982079d5d340d1ff116a7963aba2e3ed589e7ebc297ba0c1b3" logic_hash = "64620a3404b331855d0b8018c1626c88cb28380785beac1a391613ae8dc1b1bf" score = 75 @@ -87763,8 +88395,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_0F768F60 : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_BPFDoor.yar#L26-L50" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_BPFDoor.yar#L26-L50" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3a1b174f0c19c28f71e1babde01982c56d38d3672ea14d47c35ae3062e49b155" logic_hash = "1aaa74c2d8fbb230cbfc0e08fd6865b5f7e90e4abcdb97121e52afb7569b2dbc" score = 75 
@@ -87797,8 +88429,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_8453771B : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_BPFDoor.yar#L52-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_BPFDoor.yar#L52-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "591198c234416c6ccbcea6967963ca2ca0f17050be7eed1602198308d9127c78" logic_hash = "546e5c56ceb6b99db14dc225a2ec4872cb54859a0f2f6ad520d4f446793e031e" score = 75 @@ -87833,8 +88465,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_F690Fe3B : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_BPFDoor.yar#L80-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_BPFDoor.yar#L80-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "591198c234416c6ccbcea6967963ca2ca0f17050be7eed1602198308d9127c78" logic_hash = "35c6be75348a30f415a1a4bb94ae7e3a2f49f54a0fb3ddc4bae1aa3e03c1a909" score = 75 
@@ -87862,8 +88494,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_1A7D804B : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_BPFDoor.yar#L101-L127" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_BPFDoor.yar#L101-L127" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "76bf736b25d5c9aaf6a84edd4e615796fffc338a893b49c120c0b4941ce37925" logic_hash = "b0c4b168d92947e599e8c74d0ae6a91766c8a034c34e9c07e2472620c9b61037" score = 75 @@ -87898,8 +88530,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_E14B0B79 : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_BPFDoor.yar#L129-L152" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_BPFDoor.yar#L129-L152" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "dc8346bf443b7b453f062740d8ae8d8d7ce879672810f4296158f90359dcae3a" logic_hash = "7cdf111ae253bffef7243ad3722f1a79f81f45d80f938f9542af8e056f75d3fc" score = 75 
@@ -87931,8 +88563,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_F1Cd26Ad : FILE MEMORY date = "2023-05-11" modified = "2023-05-16" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_BPFDoor.yar#L154-L175" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_BPFDoor.yar#L154-L175" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "afa8a32ec29a31f152ba20a30eb483520fe50f2dce6c9aa9135d88f7c9c511d7" logic_hash = "ad3e130d5a1203c55b5c8d369c7d9989f66f76c9bd57e2314a30f4c931e4b98d" score = 75 @@ -87962,8 +88594,8 @@ rule ELASTIC_Windows_Trojan_Hawkeye_77C36Ace : FILE MEMORY date = "2021-08-16" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Hawkeye.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Hawkeye.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "28e28025060f1bafd4eb96c7477cab73497ca2144b52e664b254c616607d94cd" logic_hash = "e8c1060efde0c4a073247d03a19dedb1c0acc8506fbf6eac93ac44f00fc73be1" score = 75 
@@ -87995,8 +88627,8 @@ rule ELASTIC_Windows_Trojan_Hawkeye_975D546C : FILE MEMORY date = "2023-03-23" modified = "2023-04-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Hawkeye.yar#L25-L48" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Hawkeye.yar#L25-L48" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "aca133bf1d72cf379101e6877871979d6e6e8bc4cc692a5ba815289735014340" logic_hash = "cbd8ce991059f961236a4bb83ea5a78efa661199b40fca8b09550856e932198b" score = 75 @@ -88029,8 +88661,8 @@ rule ELASTIC_Macos_Backdoor_Fakeflashlxk_06Fd8071 : FILE MEMORY date = "2021-11-11" modified = "2022-07-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Backdoor_Fakeflashlxk.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Backdoor_Fakeflashlxk.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "107f844f19e638866d8249e6f735daf650168a48a322d39e39d5e36cfc1c8659" logic_hash = "853d44465a472786bb48bbe1009e0ff925f79e4fd72f0eac537dd271c1ec3703" score = 75 
@@ -88060,8 +88692,8 @@ rule ELASTIC_Windows_Trojan_Buerloader_C8A60F46 : FILE MEMORY date = "2021-08-16" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Buerloader.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Buerloader.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3abed86f46c8be754239f8c878f035efaae91c33b8eb8818c5bbed98c4d9a3ac" logic_hash = "d11b117efc10547e77ce8979f8a1d42f34937101e58a0e36228baa37cd30d2aa" score = 75 @@ -88094,8 +88726,8 @@ rule ELASTIC_Windows_Trojan_Dbatloader_F93A8E90 : FILE MEMORY date = "2022-03-11" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_DBatLoader.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_DBatLoader.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f72d7e445702bbf6b762ebb19d521452b9c76953d93b4d691e0e3e508790256e" logic_hash = "6fe91d91bb383c66a6dc623b02817411a39b88030142517f4048c5c25fbb4ac5" score = 75 
@@ -88123,8 +88755,8 @@ rule ELASTIC_Macos_Trojan_Hloader_A3945Baf : FILE MEMORY date = "2023-10-23" modified = "2023-10-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_HLoader.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_HLoader.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2360a69e5fd7217e977123c81d3dbb60bf4763a9dae6949bc1900234f7762df1" logic_hash = "0383485b6bbcdae210a6c949f6796023b2f7ec3f1edbd2116207fc2b75a67849" score = 75 @@ -88154,8 +88786,8 @@ rule ELASTIC_Windows_Wiper_Hermeticwiper_7206A969 : FILE MEMORY date = "2022-02-24" modified = "2022-02-24" reference = "https://www.elastic.co/security-labs/elastic-protects-against-data-wiper-malware-targeting-ukraine-hermeticwiper" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Wiper_HermeticWiper.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Wiper_HermeticWiper.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591" logic_hash = "84c61b8223a6ebf1ccfa4fdccee3c9091abca4553e55ac6c2492cff5503b4774" score = 75 
@@ -88188,8 +88820,8 @@ rule ELASTIC_Linux_Trojan_Morpes_D2Ae1Edf : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Morpes.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Morpes.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "14c4c297388afe4be47be091146aea6c6230880e9ea43759ef29fc1471c4b86b" logic_hash = "27eb8b4d0f91477c2ac26a5e25bfc52903faf5501300ec40773d3fc6797c3218" score = 75 @@ -88217,8 +88849,8 @@ rule ELASTIC_Linux_Cryptominer_Bscope_348B7Fa0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Bscope.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Bscope.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a6fb80d77986e00a6b861585bd4e573a927e970fb0061bf5516f83400ad7c0db" logic_hash = "bc6a59dcc36676273c61fa71231fd8709884beebb7ab64b58f22551393b20c71" score = 75 
@@ -88246,8 +88878,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_66197D54 : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "7bccf37960e2f197bb0021ecb12872f0f715b674d9774d02ec4e396f18963029" score = 75 @@ -88283,8 +88915,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_E8Ed269C : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L29-L57" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L29-L57" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "c56b6dfb2c3ae657615c825a4d5d5640c2204fa4217262e1ccb4359d5a914a63" score = 75 
@@ -88322,8 +88954,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_413Caa6B : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L59-L87" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L59-L87" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "4f2417d61be5e68630408a151cd73372aef9e7f4638acf4e80bfa5b2811119a7" score = 75 @@ -88361,8 +88993,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_23Fee092 : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L89-L115" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L89-L115" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "ed019c9198b5d9ff8392bfd7e0b23a7b1383eabce4c71c665a3ca4a943c8b6ee" score = 75 
@@ -88398,8 +89030,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_861D3264 : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L117-L145" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L117-L145" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "e6a0a0a24c70d69c0aa56063d2db0f5a0fedcda5b96d945ac14520524b1d00fd" score = 75 @@ -88437,8 +89069,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_57587F8C : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L147-L175" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L147-L175" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "175b8b6f9fca189f2fc41f1029ad512db2c8b0e52ea04bfbc3d410d355928ab9" score = 75 
@@ -88476,8 +89108,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_Cae025B1 : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L177-L203" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L177-L203" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "9c34443cffed43513242321e2170484dbb0d41b251aee8ea640d44da76918122" score = 75 @@ -88513,8 +89145,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_4A9B9603 : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L205-L231" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L205-L231" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "8d78483b54d3be6988b1f5df826b8709b7aa2045ff3a3e754c359365d053bb27" score = 75 
@@ -88550,8 +89182,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_4Db2C852 : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L233-L261" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L233-L261" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "88c88103a055d25ba97f08e2f47881001ad8a2200a33ac04246494963dfe6638" score = 75 @@ -88589,8 +89221,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_Bcedc8B2 : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L263-L291" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L263-L291" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "7f0a6a9168b5ff7cc02ccadd211cc8096307651be65c2b3e7cc9fdbbde08ab9f" score = 75 
@@ -88628,8 +89260,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_B6Bb3E7C : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L293-L321" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L293-L321" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "e2eaf91b9c5d3616fb2f6f6bc4b44841b1efa3b4efe7ac72afe225728523af75" score = 75 @@ -88667,8 +89299,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_94474B0B : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L323-L351" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L323-L351" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "e209c9ce1f4b11c5fdeade3298329d62f5cf561403c87077d94b6921e81ffaea" score = 75 
@@ -88706,8 +89338,8 @@ rule ELASTIC_Windows_Trojan_Beam_E41B243A : FILE MEMORY date = "2021-12-07" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Beam.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Beam.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "233a1f1dcbb679d31dab7744358b434cccabfc752baf53ba991388ced098f7c8" logic_hash = "295837743ecfa51e1713d19cba24ff8885c8716201caac058ae8b2bc9e008e6c" score = 75 @@ -88738,8 +89370,8 @@ rule ELASTIC_Windows_Trojan_Beam_5A951D13 : FILE MEMORY date = "2021-12-07" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Beam.yar#L24-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Beam.yar#L24-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "233a1f1dcbb679d31dab7744358b434cccabfc752baf53ba991388ced098f7c8" logic_hash = "3419b649717b69f07334bd966f438dd0b77f03572fe14f4b88ce95a2a86cae07" score = 75 
@@ -88767,8 +89399,8 @@ rule ELASTIC_Windows_Vulndriver_Ryzen_7Df5A747 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Ryzen.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Ryzen.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a13054f349b7baa8c8a3fcbd31789807a493cc52224bbff5e412eb2bd52a6433" logic_hash = "192b51f0bbd2cab4c1d3da6f82fbee7129a53abaa6e8769d3681821112017824" score = 75 @@ -88798,8 +89430,8 @@ rule ELASTIC_Windows_Vulndriver_Ryzen_9B01C718 : FILE date = "2023-01-22" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Ryzen.yar#L23-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Ryzen.yar#L23-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "bb82d8c29127955d58dff58978605a9daa718425c74c4bce5ae3e53712909148" logic_hash = "5734f6a249656f22a2a363b42ae77b5e6b7673bc96bad34b04b1be7f2b584b08" score = 75 
@@ -88829,8 +89461,8 @@ rule ELASTIC_Windows_Hacktool_Physmem_Cc0978Df : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_PhysMem.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_PhysMem.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c299063e3eae8ddc15839767e83b9808fd43418dc5a1af7e4f44b97ba53fbd3d" logic_hash = "e2fabf5889dbdc98dc6942be4fb0de4351d64a06bab945993b2a2c4afe89984e" score = 75 @@ -88859,8 +89491,8 @@ rule ELASTIC_Windows_Hacktool_Physmem_B3Fa382B : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_PhysMem.yar#L22-L40" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_PhysMem.yar#L22-L40" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "88df37ede18bea511f1782c1a6c4915690b29591cf2c1bf5f52201fbbb4fa2b9" logic_hash = "36a60b78de15a52721ad4830b37daffc33d7689e8b180fe148876da00562273a" score = 75 
@@ -88888,8 +89520,8 @@ rule ELASTIC_Windows_Ransomware_Whispergate_C80F3B4B : FILE MEMORY
 date = "2022-01-17"
 modified = "2022-01-17"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_WhisperGate.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_WhisperGate.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92"
 logic_hash = "04452141a867d4f6fce618c21795cc142a1265b56c62ecb9e579003d36b4b2b9"
 score = 75
@@ -88918,8 +89550,8 @@ rule ELASTIC_Windows_Ransomware_Whispergate_3476008E : FILE MEMORY
 date = "2022-01-18"
 modified = "2022-01-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_WhisperGate.yar#L22-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_WhisperGate.yar#L22-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "9ef7dbd3da51332a78eff19146d21c82957821e464e8133e9594a07d716d892d"
 logic_hash = "729818df1b6b82fc00eba0fe1c9139ec4746e1775146ab7fdea9e25dec1cddea"
 score = 75
@@ -88950,8 +89582,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_B97Baf37 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Dropperl.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Dropperl.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "aff94f915fc81d5a2649ebd7c21ec8a4c2fc0d622ec9b790b43cc49f7feb83da"
 logic_hash = "e58130c33242bc3020602c2c0254bed2bbc564c4a11806c6cfcd858fd724c362"
 score = 75
@@ -88979,8 +89611,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_E2443Be5 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Dropperl.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Dropperl.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "aff94f915fc81d5a2649ebd7c21ec8a4c2fc0d622ec9b790b43cc49f7feb83da"
 logic_hash = "85733ff904cfa3eddaa4c4fbfc51c00494c3a3725e2eb722bbf33c82e7135336"
 score = 75
@@ -89008,8 +89640,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_683C2Ba1 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Dropperl.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Dropperl.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "a02e166fbf002dd4217c012f24bb3a8dbe310a9f0b0635eb20a7d315049367e1"
 logic_hash = "eef2bdef7e20633f7dc92f653b43e3a217e8cbdbac63d05540bdd520e22dd1ed"
 score = 75
@@ -89037,8 +89669,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_8Bca73F6 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Dropperl.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Dropperl.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "e7c17b7916b38494b9a07c249acb99499808959ba67125c29afec194ca4ae36c"
 logic_hash = "2cfad4e436198391185fdae5c4af18ae43841db19da33473fdf18b64b0399613"
 score = 75
@@ -89066,8 +89698,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_C4018572 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Dropperl.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Dropperl.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c1515b3a7a91650948af7577b613ee019166f116729b7ff6309b218047141f6d"
 logic_hash = "10d70540532c5c2984dc7e492672450924cb8f34c8158638191886057596b0a1"
 score = 75
@@ -89095,8 +89727,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_733C0330 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Dropperl.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Dropperl.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b303f241a2687dba8d7b4987b7a46b5569bd2272e2da3e0c5e597b342d4561b6"
 logic_hash = "37bf7777e26e556f09b8cb0e7e3c8425226a6412c3bed0d95fdab7229b6f4815"
 score = 75
@@ -89124,8 +89756,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_39F4Cd0D : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Dropperl.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Dropperl.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c08e1347877dc77ad73c1e017f928c69c8c78a0e3c16ac5455668d2ad22500f3"
 logic_hash = "5b61f54604b110d2c8efaf1782a2e520baac96c6d3e8d1eda0877475c504bf89"
 score = 75
@@ -89153,8 +89785,8 @@ rule ELASTIC_Windows_Trojan_Jesterstealer_B35C6F4B : FILE MEMORY
 date = "2022-02-28"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_JesterStealer.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_JesterStealer.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "10c3846867f70dd26c5a54332ed22070c9e5e0e4f52f05fdae12ead801f7933b"
 logic_hash = "acc49348267e963af9ff6ba7afa053d4056d4068b4386a872e33e025790ba759"
 score = 75
@@ -89188,8 +89820,8 @@ rule ELASTIC_Windows_Trojan_Jesterstealer_8F657F58 : FILE MEMORY
 date = "2022-02-28"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_JesterStealer.yar#L27-L45"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_JesterStealer.yar#L27-L45"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "10c3846867f70dd26c5a54332ed22070c9e5e0e4f52f05fdae12ead801f7933b"
 logic_hash = "20a0d8be9c25d50d4dddd455ecb9739f772f57e988855c7fc2df597b2f67585b"
 score = 75
@@ -89217,8 +89849,8 @@ rule ELASTIC_Macos_Hacktool_Bifrost_39Bcbdf8 : FILE MEMORY
 date = "2021-10-12"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Hacktool_Bifrost.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Hacktool_Bifrost.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "e2b64df0add316240b010db7d34d83fc9ac7001233259193e5a72b6e04aece46"
 logic_hash = "a2ff4f1aca51e80f2b277e9171e99a80a75177d1d17d487de2eb8872832cb0d5"
 score = 75
@@ -89254,8 +89886,8 @@ rule ELASTIC_Windows_Trojan_Jupyter_56152E31 : FILE MEMORY
 date = "2021-07-22"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Jupyter.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Jupyter.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "ce486097ad2491aba8b1c120f6d0aa23eaf59cf698b57d2113faab696d03c601"
 logic_hash = "7b32e9caca744f4f6b48aefa5fda111e6b7ac81a62dd1fb8873d2c800ac3c42b"
 score = 75
@@ -89286,8 +89918,8 @@ rule ELASTIC_Windows_Trojan_Poshc2_E2D3881E : FILE MEMORY
 date = "2023-03-29"
 modified = "2023-04-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_PoshC2.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_PoshC2.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "7a718a4f74656346bd9a2e29e008705fc2b1c4d167a52bd4f6ff10b3f2cd9395"
 logic_hash = "4f3e2a9f22826a155a3007193a0f75a5fde6e423734a60f30628ea3bb33d3457"
 score = 75
@@ -89322,8 +89954,8 @@ rule ELASTIC_Windows_Exploit_Dcom_7A1Bcec7 : FILE
 date = "2021-01-12"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Exploit_Dcom.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Exploit_Dcom.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "84073caf71d0e0523adeb96169c85b8f0bfea09e7ef3bf677bfc19d3b536d8a5"
 logic_hash = "484576ab5369f99dc7086d724ead12d464f2bedaf84c93b74e137ddd98600b06"
 score = 75
@@ -89351,8 +89983,8 @@ rule ELASTIC_Windows_Hacktool_Executeassembly_F41F4Df6 : FILE MEMORY
 date = "2023-03-28"
 modified = "2023-04-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_ExecuteAssembly.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_ExecuteAssembly.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "a468ba2ba77aafa2a572c8947d414e74604a7c1c6e68a0b87fbfce4f8854dd61"
 logic_hash = "ab72dec636a96338e16fd57f2db4bb52e38fe61315b42c2ffe9c4566fc0326d3"
 score = 75
@@ -89381,8 +90013,8 @@ rule ELASTIC_Linux_Trojan_Getshell_98D002Bf : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Getshell.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Getshell.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "97b7650ab083f7ba23417e6d5d9c1d133b9158e2c10427d1f1e50dfe6c0e7541"
 logic_hash = "358575f55910b060bde94bbc55daa9650a43cf1470b77d1842ddcaa8b299700a"
 score = 75
@@ -89410,8 +90042,8 @@ rule ELASTIC_Linux_Trojan_Getshell_213D4D69 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "05fc4dcce9e9e1e627ebf051a190bd1f73bc83d876c78c6b3d86fc97b0dfd8e8"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Getshell.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Getshell.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "2075def88b31ac32e44c270ab20273c8b91f37e25a837c0353f76bcf431cdcb3"
 score = 75
 quality = 75
@@ -89438,8 +90070,8 @@ rule ELASTIC_Linux_Trojan_Getshell_3Cf5480B : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "0e41c0d6286fb7cd3288892286548eaebf67c16f1a50a69924f39127eb73ff38"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Getshell.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Getshell.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "87b0db74e81d4f236b11f51a72fba2e4263c988402292b2182d19293858c6126"
 score = 75
 quality = 75
@@ -89466,8 +90098,8 @@ rule ELASTIC_Linux_Trojan_Getshell_8A79B859 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "1154ba394176730e51c7c7094ff3274e9f68aaa2ed323040a94e1c6f7fb976a2"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Getshell.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Getshell.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "2aa3914ec4cc04e5daa2da1460410b4f0e5e7a37c5a2eae5a02ff5f55382f1fe"
 score = 75
 quality = 75
@@ -89494,8 +90126,8 @@ rule ELASTIC_Linux_Cryptominer_Xpaj_Fdbd614E : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Xpaj.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Xpaj.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "3e2b1b36981713217301dd02db33fb01458b3ff47f28dfdc795d8d1d332f13ea"
 logic_hash = "70e6450f98411750361481aaad0d3ea079f58b1ae09970f04da09c20137a50fa"
 score = 75
@@ -89523,8 +90155,8 @@ rule ELASTIC_Linux_Hacktool_Bruteforce_Bad95Bd6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Bruteforce.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Bruteforce.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "8e8be482357ebddc6ac3ea9ee60241d011063f7e558a59e6bd119e72e4862024"
 logic_hash = "8001e6503baeb52c66c9b30026544913270085406a1fe4c45d14629811d36d5f"
 score = 75
@@ -89552,8 +90184,8 @@ rule ELASTIC_Linux_Hacktool_Bruteforce_66A14C03 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Bruteforce.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Bruteforce.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "a2d8e2c34ae95243477820583c0b00dfe3f475811d57ffb95a557a227f94cd55"
 logic_hash = "c8b2925c2e3f95e78f117ddd52e208d143d19ee75e9283f7f15d10e930eaac5f"
 score = 75
@@ -89581,8 +90213,8 @@ rule ELASTIC_Linux_Hacktool_Bruteforce_Eb83B6Aa : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Bruteforce.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Bruteforce.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "8dec88576f61f37fbaece3c30e71d338c340c8fb9c231f9d7b1c32510d2c3167"
 logic_hash = "bc79860e414d07ee8000eea3d61827272d66faa90a8bf6c65fcda90a4bd762ef"
 score = 75
@@ -89610,8 +90242,8 @@ rule ELASTIC_Linux_Exploit_Perl_4A4B8A42 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Perl.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Perl.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "d1fa8520d3c3811d29c3d5702e7e0e7296b3faef0553835c495223a2bc015214"
 logic_hash = "c1f7b1c20fe6db6acbe46be38cc97a40de6ca047a4e4490e86610dbff356b395"
 score = 75
@@ -89639,8 +90271,8 @@ rule ELASTIC_Linux_Exploit_Perl_982Bb709 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Perl.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Perl.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "f3e4e2b5af9d0c72aae83cec57e5c091a95c549f826e8f13559aaf7d300f6e13"
 logic_hash = "b38e6cb15034c38c31f6b267b9ecaabe8dfa950a2fc8863cfff7705182cffb3a"
 score = 75
@@ -89668,8 +90300,8 @@ rule ELASTIC_Linux_Trojan_Setag_351Eeb76 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Setag.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Setag.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "3519d9e4bfa18c19b49d0fa15ef78151bd13db9614406c4569720d20830f3cbb"
 score = 75
 quality = 75
@@ -89696,8 +90328,8 @@ rule ELASTIC_Linux_Trojan_Setag_01E2F79B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Setag.yar#L20-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Setag.yar#L20-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "5b5e8486174026491341a750f6367959999bbacd3689215f59a62dbb13a45fcc"
 logic_hash = "1e0336760f364acbbe0e8aec10bc7bfb48ed7e33cde56d8914617664cb93fd9b"
 score = 75
@@ -89725,8 +90357,8 @@ rule ELASTIC_Linux_Trojan_Subsevux_E9E80C1E : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Subsevux.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Subsevux.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "a4ccd399ea99d4e31fbf2bbf8017c5368d29e630dc2985e90f07c10c980fa084"
 logic_hash = "8bc38f26da5a3350cbae3e93b890220bb461ff77e83993a842f68db8f757e435"
 score = 75
@@ -89754,8 +90386,8 @@ rule ELASTIC_Macos_Trojan_Aobokeylogger_Bd960F34 : FILE MEMORY
 date = "2021-10-18"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Aobokeylogger.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Aobokeylogger.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "2b50146c20621741642d039f1e3218ff68e5dbfde8bb9edaa0a560ca890f0970"
 logic_hash = "f89fbf1d6bf041de0ce32f7920818c34ce0eeb6779bb7fac6f223bbea1c6f6fa"
 score = 75
@@ -89783,8 +90415,8 @@ rule ELASTIC_Linux_Hacktool_Prochide_7333221A : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Hacktool_Prochide.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Hacktool_Prochide.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "fad956a6a38abac8a8a0f14cc50f473ec6fc1c9fd204e235b89523183931090b"
 logic_hash = "413f19744240eae0a87d56da1e524e2afa0fe0ec385bd9369218713b13a93495"
 score = 75
@@ -89803,6 +90435,84 @@ rule ELASTIC_Linux_Hacktool_Prochide_7333221A : FILE MEMORY
 condition:
 all of them
 }
+rule ELASTIC_Windows_Hacktool_Chromekatz_Fa232Bba : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Hacktool Chromekatz (Windows.Hacktool.ChromeKatz)"
+ author = "Elastic Security"
+ id = "fa232bba-07dd-45e0-9ca3-b1465eb9616d"
+ date = "2024-03-27"
+ modified = "2024-05-08"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_ChromeKatz.yar#L1-L28"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
+ hash = "3f6922049422df14f1a1777001fea54b18fbfb0a4b03c4ee27786bfbc3b8ab87"
+ logic_hash = "c86291fadd51845cbd7428b159e401d78ac77090e14e34d06bf7bf2018f4502a"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "bf1da659e0de9c4e22851e77878066ae5f4aca75e61b35392887c12e125c91f8"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $s1 = "CookieKatz.exe"
+ $s2 = "Targeting Chrome"
+ $s3 = "Targeting Msedgewebview2"
+ $s4 = "Failed to find the first pattern"
+ $s5 = "WalkCookieMap"
+ $s6 = "Found CookieMonster on 0x%p"
+ $s7 = "Cookie Key:"
+ $s8 = "Failed to read cookie value" wide
+ $s9 = "Failed to read cookie struct" wide
+ $s10 = "Error reading left node"
+
+ condition:
+ 5 of them
+}
+rule ELASTIC_Windows_Infostealer_Phemedronestealer_Bed8Ea8A : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Infostealer Phemedronestealer (Windows.Infostealer.PhemedroneStealer)"
+ author = "Elastic Security"
+ id = "bed8ea8a-f2a3-4a51-ae57-4986da4d21aa"
+ date = "2024-03-21"
+ modified = "2024-05-08"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Infostealer_PhemedroneStealer.yar#L1-L30"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
+ hash = "38279fdad25c7972be9426cadb5ad5e3ee7e9761b0a41ed617945cb9a3713702"
+ logic_hash = "88fc33abfe6c7a611aa0c354645b06e9e74121ffc9a5acd20b4d3a59287489d6"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "29702a2dc8b20c230ffef00dfff725133b707e35523e075ff85484a20da3c760"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = "b_"
+ $a2 = "b_"
+ $a3 = "b_"
+ $a4 = "b_"
+ $a5 = "b_"
+ $a6 = "b_"
+ $b1 = "Phemedrone.Senders"
+ $b2 = "Phemedrone.Protections"
+ $b3 = "Phemedrone.Extensions"
+ $b4 = "Phemedrone.Cryptography"
+ $b5 = "Phemedrone-Report.zip"
+ $b6 = "Phemedrone Stealer Report"
+
+ condition:
+ all of ($a*) or all of ($b*)
+}
 rule ELASTIC_Linux_Trojan_Rotajakiro_Fb24F399 : FILE MEMORY
 {
 meta:
@@ -89812,8 +90522,8 @@ rule ELASTIC_Linux_Trojan_Rotajakiro_Fb24F399 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "023a7f9ed082d9dd7be6eba5942bfa77f8e618c2d15a8bc384d85223c5b91a0c"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Rotajakiro.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Rotajakiro.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "be33fdda50ef0ea1a0cf45835cc2b7a805cecb3fff371ed6d93e01c2d477d867"
 score = 75
 quality = 75
@@ -89840,8 +90550,8 @@ rule ELASTIC_Windows_Trojan_Remcos_B296E965 : FILE MEMORY date = "2021-06-10" modified = "2021-08-23" reference = "https://www.elastic.co/security-labs/exploring-the-ref2731-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Remcos.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Remcos.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed" logic_hash = "069072abd1182eee50cb9937503d47845e7315d8e3cd6b63576adc8f21820c82" score = 75 @@ -89872,8 +90582,8 @@ rule ELASTIC_Windows_Trojan_Remcos_7591E9F1 : FILE MEMORY date = "2023-06-23" modified = "2023-07-10" reference = "https://www.elastic.co/security-labs/exploring-the-ref2731-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Remcos.yar#L25-L49" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Remcos.yar#L25-L49" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4e6e5ecd1cf9c88d536c894d74320c77967fe08c75066098082bf237283842fa" logic_hash = "96acf1ba7740a8d34d929ed4a4fa446c984c3a8f64a603d428e782b6997e4d20" score = 75 
@@ -89906,8 +90616,8 @@ rule ELASTIC_Linux_Trojan_Cerbu_69D5657E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Cerbu.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Cerbu.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f10bf3cf2fdfbd365d3c2d8dedb2d01b85236eaa97d15370dbcb5166149d70e9" logic_hash = "644e8d5a1b5c8618e71497f21b0244215924e293e274b9164692dd927cd74ba8" score = 75 @@ -89935,8 +90645,8 @@ rule ELASTIC_Windows_Trojan_Microbackdoor_903E33C3 : FILE MEMORY date = "2022-03-07" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_MicroBackdoor.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_MicroBackdoor.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fbbfcc81a976b57739ef13c1545ea4409a1c69720469c05ba249a42d532f9c21" logic_hash = "5f96f68df442eb1da21d87c3ae954c4e36cf87db583cbef1775f8ca9e76b776e" score = 75 
@@ -89964,8 +90674,8 @@ rule ELASTIC_Windows_Trojan_Microbackdoor_46F2E5Fd : FILE MEMORY date = "2022-03-07" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_MicroBackdoor.yar#L21-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_MicroBackdoor.yar#L21-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fbbfcc81a976b57739ef13c1545ea4409a1c69720469c05ba249a42d532f9c21" logic_hash = "580be4c5b058916c2bc67a7964522a7c369bb254394e3cedbf0da025105231c4" score = 75 @@ -89998,8 +90708,8 @@ rule ELASTIC_Linux_Trojan_Godlua_Ed8E6228 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Godlua.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Godlua.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "848ef3b198737f080f19c5fa55dfbc31356427398074f9125c65cb532c52ce7a" score = 75 quality = 75 
@@ -90026,8 +90736,8 @@ rule ELASTIC_Linux_Trojan_Generic_402Be6C5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d30a8f5971763831f92d9a6dd4720f52a1638054672a74fdb59357ae1c9e6deb" logic_hash = "b32111972bc21822f0f2c8e47198c90b70e78667410175257b9542c212fc3a1d" score = 75 @@ -90055,8 +90765,8 @@ rule ELASTIC_Linux_Trojan_Generic_5420D3E7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Generic.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Generic.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "103b8fced0aebd73cb8ba9eff1a55e6b6fa13bb0a099c9234521f298ee8d2f9f" logic_hash = "8ba3566ec900e37f05f11d40c65ffe1dfc587c553fa9c28b71ced7a9a90f50c3" score = 75 
@@ -90084,8 +90794,8 @@ rule ELASTIC_Linux_Trojan_Generic_4F4Cc3Ea : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Generic.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Generic.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "32e25641360dbfd50125c43754cd327cf024f1b3bfd75b617cdf8a17024e2da5" logic_hash = "9eb0d93b8c1a579ca8362d033edecbbe6a9ade82f6ae5688c183b97ed7b97faa" score = 75 @@ -90113,8 +90823,8 @@ rule ELASTIC_Linux_Trojan_Generic_703A0258 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Generic.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Generic.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b086d0119042fc960fe540c23d0a274dd0fb6f3570607823895c9158d4f75974" logic_hash = "cb37930637b8da91188d199ee20f1b64a0b1f13e966a99e69b983e623dac51de" score = 75 
@@ -90142,8 +90852,8 @@ rule ELASTIC_Linux_Trojan_Generic_378765E4 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Generic.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Generic.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1ed42910e09e88777ae9958439d14176cb77271edf110053e1a29372fce21ec1" logic_hash = "dd10305f553fa94ff83fafa84cff3d544f097b617fca20760eef838902e1f7db" score = 75 @@ -90171,8 +90881,8 @@ rule ELASTIC_Linux_Trojan_Generic_F657Fb4F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Generic.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Generic.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1ed42910e09e88777ae9958439d14176cb77271edf110053e1a29372fce21ec1" logic_hash = "af4fa2c21b47f360b425ebbfea624e3728cd682e54e367d265b4f3a6515b0720" score = 75 
@@ -90200,8 +90910,8 @@ rule ELASTIC_Linux_Trojan_Generic_Be1757Ef : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Generic.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Generic.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f3e4e2b5af9d0c72aae83cec57e5c091a95c549f826e8f13559aaf7d300f6e13" logic_hash = "567d33c262e5f812c6a702bcc0a1f0cf576b67bf7cf67bb82b5f9ce9f233aaff" score = 75 @@ -90229,8 +90939,8 @@ rule ELASTIC_Linux_Trojan_Generic_7A95Ef79 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Generic.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Generic.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f59340a740af8f7f4b96e3ea46d38dbe81f2b776820b6f53b7028119c5db4355" logic_hash = "6da43e4bab6b2024b49dfc943f099fb21c06d8d4a082a05594b07cb55989183c" score = 75 
@@ -90258,8 +90968,8 @@ rule ELASTIC_Linux_Trojan_Generic_1C5E42B7 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Generic.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Generic.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b078a02963610475217682e6e1d6ae0b30935273ed98743e47cc2553fbfd068f" logic_hash = "cd759b87a303fafb9461d0a73b6a6b3f468b1f3db0189ba0e584a629e5d78da1" score = 75 @@ -90287,8 +90997,8 @@ rule ELASTIC_Linux_Trojan_Generic_8Ca4B663 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Generic.yar#L181-L199" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Generic.yar#L181-L199" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1ddf479e504867dfa27a2f23809e6255089fa0e2e7dcf31b6ce7d08f8d88947e" logic_hash = "43b8cae2075f55a98b226f865d54e1c96345db0564815d849b3458d3f3ffee7f" score = 75 
@@ -90316,8 +91026,8 @@ rule ELASTIC_Linux_Trojan_Generic_D3Fe3Fae : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Generic.yar#L201-L219" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Generic.yar#L201-L219" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2a2542142adb05bff753e0652e119c1d49232d61c49134f13192425653332dc3" logic_hash = "0b980a0bcf8340410fe2b53d109f629c6e871ebe82af467153d7b50b73fd8644" score = 60 @@ -90345,8 +91055,8 @@ rule ELASTIC_Linux_Trojan_Generic_5E981634 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Generic.yar#L221-L239" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Generic.yar#L221-L239" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "448e8d71e335cabf5c4e9e8d2d31e6b52f620dbf408d8cc9a6232a81c051441b" logic_hash = "4623c07a15588788ec8a484642a33f2d18127849302d57520a0dac875564f62c" score = 75 
@@ -90374,8 +91084,8 @@ rule ELASTIC_Linux_Trojan_Generic_D8953Ca0 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Generic.yar#L241-L259" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Generic.yar#L241-L259" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "552753661c3cc7b3a4326721789808482a4591cb662bc813ee50d95f101a3501" logic_hash = "cbc1a60a1d9525f7230336dff07f56e6a0b99e7c70c99d3f4363c06ed0071716" score = 75 @@ -90403,8 +91113,8 @@ rule ELASTIC_Linux_Trojan_Generic_181054Af : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Generic.yar#L261-L279" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Generic.yar#L261-L279" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e677f1eed0dbb4c680549e0bf86d92b0a28a85c6d571417baaba0d0719da5f93" logic_hash = "e92807b603dd33fe7a083985644a213913a77e81c068623fdac7931148207b91" score = 75 
@@ -90432,8 +91142,8 @@ rule ELASTIC_Linux_Trojan_Generic_C3D529A2 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Generic.yar#L281-L299" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Generic.yar#L281-L299" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b46135ae52db6399b680e5c53f891d101228de5cd6c06b6ae115e4a763a5fb22" logic_hash = "a508acd95844a4385943166f715606199048d96be0098bc89f9be7b9db34833e" score = 75 @@ -90461,8 +91171,8 @@ rule ELASTIC_Linux_Trojan_Generic_4675Dffa : FILE MEMORY date = "2023-07-28" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Generic.yar#L301-L320" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Generic.yar#L301-L320" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "43e14c9713b1ca1f3a7f4bcb57dd3959d3a964be5121eb5aba312de41e2fb7a6" logic_hash = "d2865a869d0cf0bf784106fe6242a4c7f58e58a43c4d4ae0241b10569810904d" score = 75 
@@ -90491,8 +91201,8 @@ rule ELASTIC_Linux_Cryptominer_Attribute_3683D149 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Attribute.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Attribute.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ec9e74d52d745275718fe272bfd755335739ad5f680f73f5a4e66df6eb141a63" logic_hash = "71aa8aa4171671af4aa0271b64da95ac1d8766de12a949c97ebcac9369224ecd" score = 75 @@ -90520,8 +91230,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_D13544D7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Malxmr.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Malxmr.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "85fa30ba59602199fd99463acf50bd607e755c2e18cd8843ffcfb6b1aca24bb3" logic_hash = "fcb2fc7a84fbcd23f9a9d9fd2750c45ff881689670a373fce0cc444183d11999" score = 75 
@@ -90549,8 +91259,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Ad09E090 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Malxmr.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Malxmr.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "cdd3d567fbcbdd6799afad241ae29acbe4ab549445e5c4fc0678d16e75b40dfa" logic_hash = "6c2d548ba9f01444e8fe4b0aa8a0556970acac06d39bb7c87446b6b91ab0d129" score = 75 @@ -90578,8 +91288,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_12299814 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Malxmr.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Malxmr.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "eb3802496bd2fef72bd2a07e32ea753f69f1c2cc0b5a605e480f3bbb80b22676" logic_hash = "52e8bcd0512cedf0fa048b6990a5d331f4302d99b00681c83a76587415894b1e" score = 75 
@@ -90607,8 +91317,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_A47B77E4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Malxmr.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Malxmr.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "995b43ccb20343494e314824343a567fd85f430e241fdeb43704d9d4937d76cc" logic_hash = "bd2b14c8b8e2649af837224fadb32bf0fb67ac403189063a8cb10ad344fb8015" score = 75 @@ -90636,8 +91346,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_21D0550B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Malxmr.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Malxmr.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "07db41a4ddaac802b04df5e5bbae0881fead30cb8f6fa53a8a2e1edf14f2d36b" logic_hash = "c9a12eee281b1e944b5572142c5e18ff087989f45026a94268df22d483210178" score = 75 
@@ -90665,8 +91375,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_C8Adb449 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Malxmr.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Malxmr.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "00ec7a6e9611b5c0e26c148ae5ebfedc57cf52b21e93c2fe3eac85bf88edc7ea" logic_hash = "9c43602dc752dd737a983874bee5ec6af145ce5fdd45d03864a1afdc2aec3ad4" score = 75 @@ -90694,8 +91404,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Bcab1E8F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Malxmr.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Malxmr.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "19df7fd22051abe3f782432398ea30f8be88cf42ef14bc301b1676f35b37cd7e" logic_hash = "72643b2860f40c7e901c671d7cc9992870b91912df5d75d2ffba0dfb8684f8d3" score = 75 
@@ -90723,8 +91433,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_6671F33A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Malxmr.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Malxmr.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "85fa30ba59602199fd99463acf50bd607e755c2e18cd8843ffcfb6b1aca24bb3" logic_hash = "a15c842c7c7ec3b11183a1502f8ec03ea786e3f0d47fbab58c62ffff7b018030" score = 75 @@ -90752,8 +91462,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_74418Ec5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Malxmr.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Malxmr.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d79ad967ac9fc0b1b6d54e844de60d7ba3eaad673ee69d30f9f804e5ccbf2880" logic_hash = "e74463f53611baaec7c8e126218d8353c6e3a5e71c20e98a7035df6b771b690b" score = 75 
@@ -90781,8 +91491,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_979160F6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Malxmr.yar#L181-L198" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Malxmr.yar#L181-L198" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "e70097fb263c90576e87e76cc7be391dbf9c9d73bbd7fb8e5ec282e6ac1f648d" score = 75 quality = 75 @@ -90809,8 +91519,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Fe7139E5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Malxmr.yar#L200-L218" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Malxmr.yar#L200-L218" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8b13dc59db58b6c4cd51abf9c1d6f350fa2cb0dbb44b387d3e171eacc82a04de" logic_hash = "d1ef74f2a74950845091b2ebc2f7fd05980bcbd2aea4fdd9549c54cec1768501" score = 75 
@@ -90838,8 +91548,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_F35A670C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Malxmr.yar#L220-L238" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Malxmr.yar#L220-L238" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a73808211ba00b92f8d0027831b3aa74db15f068c53dd7f20fcadb294224f480" logic_hash = "95a8aeffb7193c3f4adfea5b7f0741a53528620c57cbdb4d471d756db03c6493" score = 75 @@ -90867,8 +91577,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_70E5946E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Malxmr.yar#L240-L258" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Malxmr.yar#L240-L258" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2c2729395805fc9d3c1e654c9a065bbafc4f28d8ab235afaae8d2c484060596b" logic_hash = "324deafee2b14c125100e49b90ea95bc1fc55020a7e81a69c7730a57430560f4" score = 75 
@@ -90896,8 +91606,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_033F06Dd : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Malxmr.yar#L260-L278"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Malxmr.yar#L260-L278"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "3afc8d2d85aca61108d21f82355ad813eba7a189e81dde263d318988c5ea50bd"
 logic_hash = "a0c788dbcd43cab2af1614d5d90ed9e07a45b547241f729e09709d2a1ec24e60"
 score = 75
@@ -90925,8 +91635,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Ce0C185F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Malxmr.yar#L280-L298"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Malxmr.yar#L280-L298"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "cdd3d567fbcbdd6799afad241ae29acbe4ab549445e5c4fc0678d16e75b40dfa"
 logic_hash = "f88c5a295cc62f5a91e26731fc60aaf450376cbb282f43304ba2a5ac5d149dd4"
 score = 75
@@ -90954,8 +91664,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Da08E491 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Malxmr.yar#L300-L318"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Malxmr.yar#L300-L318"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "4638d9ece32cd1385121146378772d487666548066aecd7e40c3ba5231f54cc0"
 logic_hash = "f98252c33f8d76981bbc51de87a11a7edca7292a864fc2a305d29cd21961729e"
 score = 75
@@ -90983,8 +91693,8 @@ rule ELASTIC_Windows_Hacktool_Sharpapplocker_9645Cf22 : FILE MEMORY
 date = "2022-11-20"
 modified = "2023-01-11"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_SharpAppLocker.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_SharpAppLocker.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "0f7390905abc132889f7b9a6d5b42701173aafbff5b8f8882397af35d8c10965"
 logic_hash = "cb72ecf7715b288acddac51dab091d84c64e3bd30276cba38a0d773e6693875c"
 score = 75
@@ -91015,8 +91725,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_4E31426E : FILE MEMORY
 date = "2021-07-21"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Smokeloader.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Smokeloader.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174"
 logic_hash = "44ac7659964519ae72f83076bcd1b3e5244eb9cadd9a3b123dda78b0e9e07424"
 score = 75
@@ -91044,8 +91754,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_4Ee15B92 : FILE MEMORY
 date = "2022-02-17"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Smokeloader.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Smokeloader.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "09b9283286463b35ea2d5abfa869110eb124eb8c1788eb2630480d058e82abf2"
 logic_hash = "7d5ba6a4cc1f1b87f7ea1963b41749f5488197ea28b31f20a235091236250463"
 score = 75
@@ -91073,8 +91783,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_Ea14B2A5 : FILE MEMORY
 date = "2023-05-03"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Smokeloader.yar#L41-L60"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Smokeloader.yar#L41-L60"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "15fe237276b9c2c6ceae405c0739479d165b406321891c8a31883023e7b15d54"
 logic_hash = "8a96985902f82979f1512d4d30cfa41fd23562b8f86bf2f722351ef2adf4365f"
 score = 75
@@ -91103,8 +91813,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_De52Ed44 : FILE MEMORY
 date = "2023-05-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Smokeloader.yar#L62-L81"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Smokeloader.yar#L62-L81"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c689a384f626616005d37a94e6a5a713b9eead1b819a238e4e586452871f6718"
 logic_hash = "95a60079a316016ca3f78f18e7920b962f5770bef4211dd70e37f45bbe069406"
 score = 75
@@ -91133,8 +91843,8 @@ rule ELASTIC_Windows_Vulndriver_Rtkio_13B3C88B : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Rtkio.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Rtkio.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "478917514be37b32d5ccf76e4009f6f952f39f5553953544f1b0688befd95e82"
 logic_hash = "1e37650292884e28dcc51c42bc1b1d1e8efc13b0727f7865ff1dc7b8e1a72380"
 score = 75
@@ -91163,8 +91873,8 @@ rule ELASTIC_Windows_Vulndriver_Rtkio_D595781E : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Rtkio.yar#L22-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Rtkio.yar#L22-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "4ed2d2c1b00e87b926fb58b4ea43d2db35e5912975f4400aa7bd9f8c239d08b7"
 logic_hash = "289eb17025d989cc74e109b1c03378e9760817a84f1a759153ff6ff6b6401e6d"
 score = 75
@@ -91193,8 +91903,8 @@ rule ELASTIC_Windows_Vulndriver_Rtkio_B09Af431 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Rtkio.yar#L43-L62"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Rtkio.yar#L43-L62"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b205835b818d8a50903cf76936fcf8160060762725bd74a523320cfbd091c038"
 logic_hash = "916a6e63dc4c7ee0bfdf4a455ee467a1d03c1042db60806511aa7cbf3b096190"
 score = 75
@@ -91223,8 +91933,8 @@ rule ELASTIC_Windows_Vulndriver_Rtkio_5693E967 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Rtkio.yar#L64-L83"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Rtkio.yar#L64-L83"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "ab8f2217e59319b88080e052782e559a706fa4fb7b8b708f709ff3617124da89"
 logic_hash = "4cbc7a52de7f610cdb12bf40a9099bcfae818dcb5e4119a8c34499433aeebd7e"
 score = 75
@@ -91253,8 +91963,8 @@ rule ELASTIC_Linux_Trojan_Adlibrary_2E908E5F : FILE MEMORY
 date = "2022-08-23"
 modified = "2022-10-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Adlibrary.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Adlibrary.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "acb22b88ecfb31664dc07b2cb3490b78d949cd35a67f3fdcd65b1a4335f728f1"
 logic_hash = "0d0df636876adf0268b7a409bfc9d8bfad298793d11297596ef91aeba86889da"
 score = 75
@@ -91282,8 +91992,8 @@ rule ELASTIC_Linux_Trojan_Nuker_12F26779 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Nuker.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Nuker.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "440105a62c75dea5575a1660fe217c9104dc19fb5a9238707fe40803715392bf"
 logic_hash = "8bafbc2792bd4cacd309efd72d2d8787342685d66785ea41cb57c91519a3c545"
 score = 75
@@ -91311,8 +92021,8 @@ rule ELASTIC_Linux_Trojan_Pornoasset_927F314F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Pornoasset.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Pornoasset.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "d653598df857535c354ba21d96358d4767d6ada137ee32ce5eb4972363b35f93"
 logic_hash = "7267375346c1628e04c8272c24bde04a5d6ae2b420f64dfe58657cfc3eecc0e7"
 score = 75
@@ -91340,8 +92050,8 @@ rule ELASTIC_Multi_Trojan_Sliver_42298C4A : FILE MEMORY
 date = "2021-10-20"
 modified = "2022-01-14"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Multi_Trojan_Sliver.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Multi_Trojan_Sliver.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "3b45aae401ac64c055982b5f3782a3c4c892bdb9f9a5531657d50c27497c8007"
 logic_hash = "a84bdb51fcdeb4629365bdb727b53087604ee0eb112c8d6c3ecf315598ec678a"
 score = 75
@@ -91375,8 +92085,8 @@ rule ELASTIC_Multi_Trojan_Sliver_3Bde542D : FILE MEMORY
 date = "2022-08-31"
 modified = "2022-09-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Multi_Trojan_Sliver.yar#L27-L50"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Multi_Trojan_Sliver.yar#L27-L50"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "05461e1c2a2e581a7c30e14d04bd3d09670e281f9f7c60f4169e9614d22ce1b3"
 logic_hash = "23a0e28c1423f577a147efdf927f2dc71871760e38d4d7494ead2920b90ef05e"
 score = 75
@@ -91409,8 +92119,8 @@ rule ELASTIC_Multi_Trojan_Sliver_3D6B7Cd3 : FILE MEMORY
 date = "2022-12-01"
 modified = "2023-09-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Multi_Trojan_Sliver.yar#L52-L88"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Multi_Trojan_Sliver.yar#L52-L88"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "9846124cfd124eed466465d187eeacb4d405c558dd84ba8e575d8a7b3290403e"
 logic_hash = "3cbd3358b7d59d6a2912069f4cb8de005b6fafd61e44111d1f6cf0418eb2d1fc"
 score = 75
@@ -91456,8 +92166,8 @@ rule ELASTIC_Windows_Exploit_Fakepipe_6Bc93551 : FILE MEMORY
 date = "2024-02-28"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Exploit_FakePipe.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Exploit_FakePipe.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "545a41ccfcd0a4f09c1c62bef2dde61b52fa92abada71ab72b3f4febb9265f75"
 logic_hash = "daf78c4a2db337f51054e108b5b54c8aa32300eae3bd39c5fc2d4769221c8aea"
 score = 75
@@ -91488,8 +92198,8 @@ rule ELASTIC_Windows_Trojan_Zeus_E51C60D7 : FILE MEMORY
 date = "2021-02-07"
 modified = "2021-10-04"
 reference = "https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Zeus.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Zeus.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3"
 logic_hash = "cde738f95dbad1fbad59e20528b2f577e5e3ee5fcb37c68a45d53c689d2af525"
 score = 75
@@ -91522,8 +92232,8 @@ rule ELASTIC_Linux_Trojan_Rozena_56651C1D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Rozena.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Rozena.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "997684fb438af3f5530b0066d2c9e0d066263ca9da269d6a7e160fa757a51e04"
 logic_hash = "a6d283b0c398cb1004defe7f5669f912112262e5aaf677ae4ca7fd15565cb988"
 score = 75
@@ -91551,8 +92261,8 @@ rule ELASTIC_Windows_Trojan_Parallax_D72Ec0E2 : FILE MEMORY
 date = "2022-09-05"
 modified = "2022-09-29"
 reference = "https://www.elastic.co/security-labs/exploring-the-ref2731-intrusion-set"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Parallax.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Parallax.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "6c2c84624912f3b612ae435cf3e8000192a1b168b30205ed4a93b7fab7e336ad"
 score = 75
 quality = 75
@@ -91582,8 +92292,8 @@ rule ELASTIC_Windows_Trojan_Parallax_B4Ea4F1A : FILE MEMORY
 date = "2022-09-08"
 modified = "2022-09-29"
 reference = "https://www.elastic.co/security-labs/exploring-the-ref2731-intrusion-set"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Parallax.yar#L24-L55"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Parallax.yar#L24-L55"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "731fe7bd339ec6b0372b4809004a21f53537bd82f084960b8d018f994dcdc06a"
 score = 75
 quality = 42
@@ -91623,8 +92333,8 @@ rule ELASTIC_Windows_Trojan_Pizzapotion_D334C613 : FILE MEMORY
 date = "2023-09-13"
 modified = "2023-09-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_PizzaPotion.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_PizzaPotion.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "37bee101cf34a84cba49adb67a555c6ebd3b8ac7c25d50247b0a014c82630003"
 logic_hash = "de7d395c8a993abf9858858e56ba0ec4acbf0fa1c8bfe4a34ae95be2205967fc"
 score = 75
@@ -91657,8 +92367,8 @@ rule ELASTIC_Linux_Exploit_CVE_2022_0847_E831C285 : FILE MEMORY CVE_2022_0847
 date = "2022-03-10"
 modified = "2022-03-14"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2022_0847.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2022_0847.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c6b2cef2f2bc04e3ae33e0d368eb39eb5ea38d1bca390df47f7096117c1aecca"
 logic_hash = "e15daf5de9bf66060e373a6e772669eade543ed56bef6b6924a0ee44e59522e1"
 score = 75
@@ -91694,8 +92404,8 @@ rule ELASTIC_Linux_Backdoor_Python_00606Bac : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Backdoor_Python.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Backdoor_Python.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b3e3728d43535f47a1c15b915c2d29835d9769a9dc69eb1b16e40d5ba1b98460"
 logic_hash = "92ad2cf4aa848c8f3bcedd319654bf5ef873cd4daba62572381c7e20f0296b82"
 score = 75
@@ -91723,8 +92433,8 @@ rule ELASTIC_Windows_Vulndriver_Zam_928812A7 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Zam.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Zam.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91"
 logic_hash = "82ca874d60d8a0ee04aca39f59415f22797e7e0337314c88dd8ebad1a823d200"
 score = 75
@@ -91753,8 +92463,8 @@ rule ELASTIC_Windows_Trojan_Whispergate_9192618B : FILE MEMORY
 date = "2022-01-17"
 modified = "2022-01-17"
 reference = "https://www.elastic.co/security-labs/operation-bleeding-bear"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_WhisperGate.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_WhisperGate.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78"
 logic_hash = "28bb08d61d99d2bfc49ba18cdbabc34c31a715ae6439ab25bbce8cc6958ed381"
 score = 75
@@ -91786,8 +92496,8 @@ rule ELASTIC_Linux_Virus_Thebe_1Eb5985A : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Virus_Thebe.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Virus_Thebe.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "30af289be070f4e0f8761f04fb44193a037ec1aab9cc029343a1a1f2a8d67670"
 logic_hash = "7d4bc4b1615048dec1f1fac599afa667e06ccb369bb1242b25887e0ce2a5066a"
 score = 75
@@ -91815,8 +92525,8 @@ rule ELASTIC_Windows_Vulndriver_BSMI_65223B8D : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_BSMI.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_BSMI.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "59626cac380d8fe0b80a6d4c4406d62ba0683a2f0f68d50ad506ca1b1cf25347"
 logic_hash = "c4fa65bbd9d374092137b65209f29744caeb8b04fbd364b1acc67b73c45604e8"
 score = 75
@@ -91846,8 +92556,8 @@ rule ELASTIC_Windows_Vulndriver_Fileseclab_4A21229A : FILE
 date = "2024-03-05"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Vulndriver_Fileseclab.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Vulndriver_Fileseclab.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "ae55a0e93e5ef3948adecf20fa55b0f555dcf40589917a5bfbaa732075f0cc12"
 logic_hash = "bac78186f3d46c6765bacaf6a324ff94e449261cefe2594cb38c4cc25db1f0de"
 score = 75
@@ -91880,8 +92590,8 @@ rule ELASTIC_Windows_Hacktool_Sharprdp_80895Fcb : FILE MEMORY
 date = "2022-11-20"
 modified = "2023-01-11"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_SharpRDP.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_SharpRDP.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "6e909861781a8812ee01bc59435fd73fd34da23fa9ad6d699eefbf9f84629876"
 logic_hash = "ef9a92f2ed29f508dca591e9c65a6ce0013ccdfd0c62770e8840be2f3ee5982e"
 score = 75
@@ -91913,8 +92623,8 @@ rule ELASTIC_Windows_Vulndriver_Lha_F72Bff9A : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Lha.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Lha.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "e75714f8e0ff45605f6fc7689a1a89c7dcd34aab66c6131c63fefaca584539cf"
 logic_hash = "cea05432b47cf14982bda74476c8c8582068c22fe7dec6468c9756c20412dca2"
 score = 75
@@ -91943,8 +92653,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_Cfa94001 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Vmsplice.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Vmsplice.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "0a26e67692605253819c489cd4793a57e86089d50150124394c30a8801bf33e6"
 logic_hash = "b5a86a79384997f977d353371ccaa8c736f5c24af40b85a24076d4c4fb79a237"
 score = 75
@@ -91972,8 +92682,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_A000F267 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Vmsplice.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Vmsplice.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c85cc6768a28fb7de16f1cad8d3c69d8f0b4aa01e00c8e48759d27092747ca6f"
 logic_hash = "2a8cb11bb21f2ce620a6fa1f0fb932bef60a479fac836058ec4e8c760b5d60f9"
 score = 75
@@ -92001,8 +92711,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_8B9E4F9F : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Vmsplice.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Vmsplice.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "0230c81ba747e588cd9b6113df6e1867dcabf9d8ada0c1921d1bffa9c1b9c75d"
 logic_hash = "6979a900a2532a8da36711f3ffe13f71ec4efa7771aa2feec9391bd031aaa023"
 score = 75
@@ -92030,8 +92740,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_055F88B8 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Vmsplice.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Vmsplice.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "607c8c5edc8cbbd79a40ce4a0eccf46e01447985d9415d1eff6a91bf64074507" logic_hash = "29e59bb372f0b37b507c72e5b5bcb27ba0fa2aaac71ea77f0cab85af31708c8a" score = 75 @@ -92059,8 +92769,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_431E689D : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "1cbb09223f16af4cd13545d72dbeeb996900535b1e279e4bcf447670728de1e1" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Vmsplice.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Vmsplice.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "5b9a7ffcd6fc6893a8224fd2b9ca59f4cff6086669a73190114db510a1ad9ff2" score = 75 quality = 75 
@@ -92087,8 +92797,8 @@ rule ELASTIC_Linux_Exploit_CVE_2017_16995_0C81A317 : FILE MEMORY CVE_2017_16995 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "48d927b4b18a03dfbce54bb5f4518869773737e449301ba2477eb797afbb9972" logic_hash = "cdd6b309a1e802f1251d726b0ea74e3d11fdd10d1d0bfa4c6f3d802f819368ec" score = 75 @@ -92116,8 +92826,8 @@ rule ELASTIC_Linux_Exploit_CVE_2017_16995_82816Caa : FILE MEMORY CVE_2017_16995 date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "14e6b788db0db57067d9885ab5ff3d3a5749639549d82abd98fa4fcf27000f34" logic_hash = "3ae00290073d41ff5dba2f677510bf9a9c0ebaed221901eb8b1a8dda08157a46" score = 75 
@@ -92145,8 +92855,8 @@ rule ELASTIC_Linux_Exploit_CVE_2017_16995_5Edb0181 : FILE MEMORY CVE_2017_16995 date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e4df84e1dffbad217d07222314a7e13fd74771a9111d07adc467a89d8ba81127" logic_hash = "f6eb19329db765938b48021039baaf1b5aeb3240c405ba20ed81863a0fb4b583" score = 75 @@ -92174,8 +92884,8 @@ rule ELASTIC_Linux_Ransomware_Esxiargs_75A8Ec04 : FILE MEMORY date = "2023-02-09" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_Esxiargs.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_Esxiargs.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "11b1b2375d9d840912cfd1f0d0d04d93ed0cddb0ae4ddb550a5b62cd044d6b66" logic_hash = "7316cab75c1bcf41ae6c96afa41ef96c37ab1bb679f36a0cc1dd08002a357165" score = 75 
@@ -92207,8 +92917,8 @@ rule ELASTIC_Linux_Trojan_Sqlexp_1Aa5001E : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Sqlexp.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Sqlexp.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "714a520fc69c54bcd422e75f4c3b71ce636cfae7fcec3c5c413d1294747d2dd6" logic_hash = "48c7331c80aa7d918f46d282c6f38b8e780f9b5222cf9304bf1a8bb39cc129ab" score = 75 @@ -92236,8 +92946,8 @@ rule ELASTIC_Windows_Shellcode_Generic_8C487E57 : FILE MEMORY date = "2022-05-23" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Shellcode_Generic.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Shellcode_Generic.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "a86ea8e15248e83ce7322c10e308a5a24096b1d7c67f5673687563dec8229dfe" score = 75 quality = 75 
@@ -92264,8 +92974,8 @@ rule ELASTIC_Windows_Shellcode_Generic_F27D7Beb : FILE MEMORY date = "2022-06-08" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Shellcode_Generic.yar#L20-L37" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Shellcode_Generic.yar#L20-L37" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "8530a74a002d0286711cd86545aff0bf853de6b6684473b6211d678797c3639f" score = 75 quality = 75 @@ -92292,8 +93002,8 @@ rule ELASTIC_Windows_Shellcode_Generic_29Dcbf7A : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Shellcode_Generic.yar#L39-L56" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Shellcode_Generic.yar#L39-L56" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "c2a81cc27e696a2e488df7d2f96784bbaed83df5783efab312fc5ccbfd524b43" score = 75 quality = 75 
@@ -92320,8 +93030,8 @@ rule ELASTIC_Linux_Trojan_Roopre_B6B9E71D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Roopre.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Roopre.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "36ae2bf773135fdb0ead7fbbd46f90fd41d6f973569de1941c8723158fc6cfcc" logic_hash = "32294e476a014a919d2d738bdc940a7fc5f91e1b13c005f164a5b6bf84eb2635" score = 75 @@ -92349,8 +93059,8 @@ rule ELASTIC_Linux_Trojan_Roopre_05F7F237 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Roopre.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Roopre.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "36ae2bf773135fdb0ead7fbbd46f90fd41d6f973569de1941c8723158fc6cfcc" logic_hash = "12e14ac31932033f2448b7a3bfd6ce826fff17494547ac4baefb20f6713baf5f" score = 75 
@@ -92378,8 +93088,8 @@ rule ELASTIC_Windows_Trojan_Dridex_63Ddf193 : FILE MEMORY date = "2021-08-07" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Dridex.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Dridex.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b1d66350978808577159acc7dc7faaa273e82c103487a90bf0d040afa000cb0d" logic_hash = "e792f4693be0a7c71d1e638212a8fb3acb1e14dedd48218861fad8c09811da29" score = 75 @@ -92408,8 +93118,8 @@ rule ELASTIC_Windows_Trojan_Dridex_C6F01353 : FILE MEMORY date = "2021-08-07" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Dridex.yar#L22-L40" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Dridex.yar#L22-L40" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "739682ccb54170e435730c54ba9f7e09f32a3473c07d2d18ae669235dcfe84de" logic_hash = "7146204d779610c04badfc7d884ff882ff5f1439b61f889d1edf4419240c5751" score = 75 
@@ -92437,8 +93147,8 @@ rule ELASTIC_Linux_Exploit_Foda_F41E9Ef9 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Foda.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Foda.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "6059a6dd039b5efa36ce97acbb01406128aaf6062429474e422624ee69783ca8" logic_hash = "7b15fef304b91601a76c6fcf48a892105d6eedf5a3e2395ab7c2937a84709d9f" score = 75 @@ -92466,8 +93176,8 @@ rule ELASTIC_Linux_Trojan_Marut_47Af730D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Marut.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Marut.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "048ce8059be6697c5f507fb1912ac2adcedab87c75583dd84700984e6d0d81e6" score = 75 quality = 75 
@@ -92494,8 +93204,8 @@ rule ELASTIC_Windows_Trojan_Spectralviper_43Abeeeb : FILE MEMORY date = "2023-04-13" modified = "2023-05-26" reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_SpectralViper.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_SpectralViper.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "7e35ba39c2c77775b0394712f89679308d1a4577b6e5d0387835ac6c06e556cb" logic_hash = "976e5b5b4ba73f1b392c2f6b32a86b09b5fd9e5a3510c60b77a39f1e0d705822" score = 75 @@ -92530,8 +93240,8 @@ rule ELASTIC_Windows_Trojan_Spectralviper_368C36A0 : FILE MEMORY date = "2023-05-10" modified = "2023-05-10" reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_SpectralViper.yar#L29-L53" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_SpectralViper.yar#L29-L53" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d1c32176b46ce171dbce46493eb3c5312db134b0a3cfa266071555c704e6cff8" logic_hash = "6182bde93e18dc6a83a94b50b193f5f29ed9abfa89b53c290818e7dab5bbb334" score = 75 
@@ -92564,8 +93274,8 @@ rule ELASTIC_Linux_Cryptominer_Ccminer_18Fc60E5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Ccminer.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Ccminer.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "dbb403a00c75ef2a74b41b8b58d08a6749f37f922de6cc19127a8f244d901c60" logic_hash = "75db45ccbeb558409ee9398065591472d4aee0382be5980adb9d0fb41e557789" score = 75 @@ -92593,8 +93303,8 @@ rule ELASTIC_Linux_Cryptominer_Ccminer_3C593Bc3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Ccminer.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Ccminer.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "dbb403a00c75ef2a74b41b8b58d08a6749f37f922de6cc19127a8f244d901c60" logic_hash = "94a0d33b474b3c60e926eaf06147eb0fdc56beac525f25326448bf2a5177d9c0" score = 75 
@@ -92622,8 +93332,8 @@ rule ELASTIC_Windows_Trojan_Gh0St_Ee6De6Bc : FILE MEMORY date = "2021-06-10" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Gh0st.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Gh0st.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ea1dc816dfc87c2340a8b8a77a4f97618bccf19ad3b006dce4994be02e13245d" logic_hash = "3619df974c9f4ec76899afbafdfd6839070714862c7361be476cf8f83e766e2f" score = 75 @@ -92655,8 +93365,8 @@ rule ELASTIC_Linux_Exploit_Local_47C64Fb6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Local.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Local.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0caa9035027ff88788e6b8e43bfc012a367a12148be809555c025942054a6360" logic_hash = "7d977edd5fc90c6f03ed5558c690b3dd2102bbff9d7e5124403276405e15201b" score = 75 
@@ -92684,8 +93394,8 @@ rule ELASTIC_Linux_Exploit_Local_76C24B62 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Local.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Local.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "330de2ca1add7e06389d94dfc541c367a484394c51663b26d27d89346b08ad1b" logic_hash = "ff55d6a316394812cfa1108578aece91050bfb2f7e0f8c0440dcb64156f3e893" score = 75 @@ -92713,8 +93423,8 @@ rule ELASTIC_Linux_Exploit_Local_30C21B03 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Local.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Local.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a09c81f185a4ceed134406fa7fefdfa7d8dfc10d639dd044c94fbb6d570fa029" logic_hash = "396965c457b2e02d7d524d9d5fb3cc76852895ed9675c7b1205a94f47ba10144" score = 75 
@@ -92742,8 +93452,8 @@ rule ELASTIC_Linux_Exploit_Local_9Ace9649 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Local.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Local.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b38869605521531153cfd8077f05e0d6b52dca0fffbc627a4d5eaa84855a491c" logic_hash = "d7a60b0cb7fcbd9e802660bda3e0456f7f4ef9db38b6dab131c160efce48909e" score = 75 @@ -92771,8 +93481,8 @@ rule ELASTIC_Linux_Exploit_Local_705C9589 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Local.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Local.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "845727ea46491b46a665d4e1a3a9dbbe6cd0536d070f1c1efd533b91b75cdc88" logic_hash = "9834d564c2acc688750d5e6c53db7c1201ef85c6fb3d1d0ea2425a5ba905ff18" score = 75 
@@ -92800,8 +93510,8 @@ rule ELASTIC_Linux_Exploit_Local_A677Fb9C : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Local.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Local.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d20b260c7485173264e3e674adc7563ea3891224a3dc98bdd342ebac4a1349e8" logic_hash = "9b43e651f73d17dbd2143cec4c79929723689ce738924588e38c99a9554e5545" score = 75 @@ -92829,8 +93539,8 @@ rule ELASTIC_Linux_Exploit_Local_78E50162 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Local.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Local.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "706c865257d5e1f5f434ae0f31e11dfc7e16423c4c639cb2763ec0f51bc73300" logic_hash = "10a5bef486ec0ececfe0a9edfcad7ce053da2a97028cd1648aa27572fedd8ef6" score = 75 
@@ -92858,8 +93568,8 @@ rule ELASTIC_Linux_Exploit_Local_3B767A1F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Local.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Local.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e05fed9e514cccbdb775f295327d8f8838b73ad12f25e7bb0b9d607ff3d0511c" logic_hash = "0f24a7d4e8ff0899430aa0a702000f35039b07400120b382b675825630f0ea4e" score = 75 @@ -92887,8 +93597,8 @@ rule ELASTIC_Linux_Exploit_Local_2535C9B6 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Local.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Local.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d0f9cc114f6a1f788f36e359e03a9bbf89c075f41aec006229b6ad20ebbfba0b" logic_hash = "222e929d8352ed02714a59b0e1b9777b0f2d80d63cb369fa9bf33460c84efbb2" score = 75 
@@ -92916,8 +93626,8 @@ rule ELASTIC_Linux_Exploit_Local_6A9B5D50 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Local.yar#L181-L199" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Local.yar#L181-L199" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "80ab71dc9ed2131b08b5b75b5a4a12719d499c6b6ee6819ad5a6626df4a1b862" logic_hash = "99a18bfb62c195bdea89c688fed4456fee33477878ecdee8a78cd4bf18ad539b" score = 75 @@ -92945,8 +93655,8 @@ rule ELASTIC_Linux_Exploit_Local_66557224 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Local.yar#L201-L219" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Local.yar#L201-L219" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f58151a2f653972e744822cdc420ab1c2b8b642877d3dfa2e8b2b6915e8edf40" logic_hash = "5583f086d594ebdf5890a8a5fbee5c04fbddfe42adcae07480532d87e474ef0c" score = 75 
@@ -92974,8 +93684,8 @@ rule ELASTIC_Linux_Exploit_Local_6229602F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Local.yar#L221-L239" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Local.yar#L221-L239" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4fdb15663a405f6fc4379aad9a5021040d7063b8bb82403bedb9578d45d428fa" logic_hash = "c3ab6a36c0c2d430d576f7c0cfdc6d1affcd99d007e2d05596677da9bda5a19e" score = 75 @@ -93003,8 +93713,8 @@ rule ELASTIC_Windows_Trojan_Cryptbot_489A6562 : FILE MEMORY date = "2021-08-18" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Cryptbot.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Cryptbot.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "423563995910af04cb2c4136bf50607fc26977dfa043a84433e8bd64b3315110" logic_hash = "7fee3cc67419e66de790ba2ad8c3102425b3a45bdfe31801758dd38021a8439b" score = 75 
@@ -93036,8 +93746,8 @@ rule ELASTIC_Windows_Trojan_Blister_Cb99A1Df : FILE MEMORY date = "2021-12-21" modified = "2022-01-13" reference = "https://www.elastic.co/security-labs/elastic-security-uncovers-blister-malware-campaign" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Blister.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Blister.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0a7778cf6f9a1bd894e89f282f2e40f9d6c9cd4b72be97328e681fe32a1b1a00" logic_hash = "deb1be5300d8af12dda868dd5f4ccdbb3ec653bd97c33a09e567c13ecafb9e8a" score = 75 @@ -93067,8 +93777,8 @@ rule ELASTIC_Windows_Trojan_Blister_9D757838 : FILE MEMORY date = "2022-04-26" modified = "2022-06-09" reference = "https://www.elastic.co/security-labs/elastic-security-uncovers-blister-malware-campaign" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Blister.yar#L24-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Blister.yar#L24-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "863de84a39c9f741d8103db83b076695d0d10a7384e4e3ba319c05a6018d9737" logic_hash = "4d9ce1622d77b2ac8b20b2dfb60ac672752dabab315221a5449ebd3c73a3edca" score = 75 
@@ -93097,8 +93807,8 @@ rule ELASTIC_Windows_Trojan_Blister_68B53E1B : FILE MEMORY date = "2023-08-02" modified = "2023-08-08" reference = "https://www.elastic.co/security-labs/elastic-security-uncovers-blister-malware-campaign" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Blister.yar#L46-L66" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Blister.yar#L46-L66" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5fc79a4499bafa3a881778ef51ce29ef015ee58a587e3614702e69da304395db" logic_hash = "6d935461406a6b9b39867d52aa5ecb088945ae0f8c56895a67e8565e5a2a3699" score = 75 @@ -93127,8 +93837,8 @@ rule ELASTIC_Windows_Trojan_Blister_487B0966 : FILE MEMORY date = "2023-09-11" modified = "2023-09-20" reference = "https://www.elastic.co/security-labs/elastic-security-uncovers-blister-malware-campaign" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Blister.yar#L68-L89" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Blister.yar#L68-L89" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5fc79a4499bafa3a881778ef51ce29ef015ee58a587e3614702e69da304395db" logic_hash = "521409d03335205507cc6894e0de3ca627eb966a95a2f8e7b931e552ad78bbb7" score = 75 
@@ -93158,8 +93868,8 @@ rule ELASTIC_Windows_Trojan_Cybergate_517Aac7D : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CyberGate.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CyberGate.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "07b8f25e7b536f5b6f686c12d04edc37e11347c8acd5c53f98a174723078c365" logic_hash = "50e061d0c358655c03b95ccbe2d05e252501c3e6afd21dd20513019cd67e6147" score = 75 @@ -93191,8 +93901,8 @@ rule ELASTIC_Windows_Trojan_Cybergate_9996D800 : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CyberGate.yar#L25-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CyberGate.yar#L25-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "07b8f25e7b536f5b6f686c12d04edc37e11347c8acd5c53f98a174723078c365" logic_hash = "efefc171b6390c9792145973708358f62b18b8d0180feacaf5b9267563c3f7cc" score = 75 
@@ -93220,8 +93930,8 @@ rule ELASTIC_Windows_Trojan_Cybergate_C219A2F3 : FILE MEMORY date = "2023-05-04" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CyberGate.yar#L45-L64" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CyberGate.yar#L45-L64" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b7204f8caf6ace6ae1aed267de0ad6b39660d0e636d8ee0ecf88135f8a58dc42" logic_hash = "8075892728c610c1ceacd0df54615d2a3e833d728d631a9bf81311e8c6485f6e" score = 75 @@ -93250,8 +93960,8 @@ rule ELASTIC_Linux_Trojan_Sfloost_69A5343A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Sfloost.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Sfloost.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c0cd73db5165671c7bbd9493c34d693d25b845a9a21706081e1bf44bf0312ef9" logic_hash = "bd3cd33d02c7ca1d3a0364e5e3e2f968f32da8f087f744232f3cb786da6c7875" score = 75 
@@ -93279,8 +93989,8 @@ rule ELASTIC_Windows_Trojan_Snakekeylogger_Af3Faa65 : FILE MEMORY date = "2021-04-06" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_SnakeKeylogger.yar#L1-L32" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_SnakeKeylogger.yar#L1-L32" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "54180a642d40b5366f1b400c347c25dc31397d662d6bb8af33c7d2319c97d3fb" score = 75 quality = 73 @@ -93321,8 +94031,8 @@ rule ELASTIC_Windows_Vulndriver_Amifldrv_E387D5Ad : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Amifldrv.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Amifldrv.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330" logic_hash = "14d75b5aff2c82d69b041c654cdc0840f6b6e37a197f5c0c1c2698c9e8eba3e2" score = 60 
@@ -93350,8 +94060,8 @@ rule ELASTIC_Windows_Hacktool_Gmer_8Aabdd5E : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_Gmer.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_Gmer.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7" logic_hash = "acdab89a7703a743927cec60fbc84af2fd469403bee6f211c865fb96e9c92498" score = 75 @@ -93379,8 +94089,8 @@ rule ELASTIC_Linux_Trojan_Xpmmap_7Dcc3534 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Xpmmap.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Xpmmap.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "765546a981921187a4a2bed9904fbc2ccb2a5876e0d45c72e79f04a517c1bda3" logic_hash = "f88cc0f02797651e8cdf8e25b67a92f7825ec616b79df21daae798b613baf334" score = 75 
@@ -93408,8 +94118,8 @@ rule ELASTIC_Windows_Trojan_Revcoderat_8E6D4182 : FILE MEMORY date = "2021-09-02" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Revcoderat.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Revcoderat.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "77732e74850050bb6f935945e510d32a0499d820fa1197752df8bd01c66e8210" logic_hash = "35626d752b291e343350534aece35f1d875068c2c050d12312a60e67753c71e1" score = 75 @@ -93440,8 +94150,8 @@ rule ELASTIC_Windows_Vulndriver_Gvci_F5A35359 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Gvci.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Gvci.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "42f0b036687cbd7717c9efed6991c00d4e3e7b032dc965a2556c02177dfdad0f" logic_hash = "beb0c324358a016e708dae30a222373113a7eab8e3d90dfa1bbde6c2f7874362" score = 75 
@@ -93469,8 +94179,8 @@ rule ELASTIC_Windows_Trojan_Clipbanker_7Efaef9F : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Clipbanker.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Clipbanker.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "02b06acb113c31f5a2ac9c99f9614e0fab0f78afc5ae872e46bae139c2c9b1f6" logic_hash = "fa547d7c1623b332ef306672dd2293b44016d9974c1a3ec4b15e5ae0483ff879" score = 75 @@ -93502,8 +94212,8 @@ rule ELASTIC_Windows_Trojan_Clipbanker_B60A50B8 : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Clipbanker.yar#L25-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Clipbanker.yar#L25-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "02b06acb113c31f5a2ac9c99f9614e0fab0f78afc5ae872e46bae139c2c9b1f6" logic_hash = "fe585ab7efbc3b500ea23d1c164bc79ded658001e53fc71721e435ed7579182a" score = 75 
@@ -93531,8 +94241,8 @@ rule ELASTIC_Windows_Trojan_Clipbanker_F9F9E79D : FILE MEMORY date = "2022-04-23" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Clipbanker.yar#L45-L63" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Clipbanker.yar#L45-L63" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c" logic_hash = "a71d75719133e8b84956ec002cb31f82386ef711fa2af79d204d176492cd354b" score = 75 @@ -93560,8 +94270,8 @@ rule ELASTIC_Windows_Trojan_Clipbanker_787B130B : FILE MEMORY date = "2022-04-24" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Clipbanker.yar#L65-L87" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Clipbanker.yar#L65-L87" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c" logic_hash = "88783bde7014853f6556c6e7ee2dfd5cd5fcbfb4523ed158b4287e2bfba409f1" score = 75 
@@ -93584,6 +94294,47 @@ rule ELASTIC_Windows_Trojan_Clipbanker_787B130B : FILE MEMORY
 condition:
 any of them
 }
+rule ELASTIC_Windows_Hacktool_Sharpsccm_9Bef8Dab : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Hacktool Sharpsccm (Windows.Hacktool.SharpSCCM)"
+ author = "Elastic Security"
+ id = "9bef8dab-af2e-46be-811a-0ac78d74a4ef"
+ date = "2024-03-25"
+ modified = "2024-05-08"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_SharpSCCM.yar#L1-L31"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
+ hash = "2e169c4fd16627029445bb0365a2f9ee61ab6b3757b8ad02fd210ce85dc9c97f"
+ logic_hash = "560c780934a63b3c857a09841c09cbc350205868c696fac958e249e1379cc865"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "dfbb7f142628eb7dc6c96dd271562d88a0970534af85464c10232ec01f58e35b"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $name = "SharpSCCM" wide fullword
+ $s1 = "--relay-server" wide fullword
+ $s2 = "--username" wide fullword
+ $s3 = "--domain" wide fullword
+ $s4 = "--sms-provider" wide fullword
+ $s5 = "--wmi-namespace" wide fullword
+ $s6 = "--management-point" wide fullword
+ $s7 = "--get-system" wide fullword
+ $s8 = "--run-as-user" wide fullword
+ $s9 = "--register-client" wide fullword
+ $s10 = "MS_Collection" wide fullword
+ $s11 = "SOFTWARE\\Microsoft\\CCM" wide fullword
+ $s12 = "CCM_POST" wide fullword
+
+ condition:
+ ($name and 2 of ($s*)) or 7 of ($s*)
+}
 rule ELASTIC_Windows_Vulndriver_Fidpci_Cb7F69B5 : FILE
 {
 meta:
@@ -93593,8 +94344,8 @@ rule ELASTIC_Windows_Vulndriver_Fidpci_Cb7F69B5 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Fidpci.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Fidpci.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3ac5e01689a3d745e60925bc7faca8d4306ae693e803b5e19c94906dc30add46" logic_hash = "459429fb4e5156890f19c451e48676c9cd06eaab1c2eaea9236737c795086b5f" score = 75 @@ -93622,8 +94373,8 @@ rule ELASTIC_Windows_Trojan_Quasarrat_E52Df647 : FILE MEMORY date = "2021-06-27" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Quasarrat.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Quasarrat.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a58efd253a25cc764d63476931da2ddb305a0328253a810515f6735a6690de1d" logic_hash = "41f32e0c9b3b43d10baef10060e064ad860558bcdeb4281a30d30c16615ed21d" score = 75 
@@ -93655,8 +94406,8 @@ rule ELASTIC_Linux_Exploit_Openssl_47C6Fad7 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Openssl.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Openssl.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8024af0931dff24b5444f0b06a27366a776014358aa0b7fc073030958f863ef8" logic_hash = "4c60071ecd7b826e692710ae11b09be30e7df5833bcaa8642fea014e12b9abd7" score = 75 @@ -93684,8 +94435,8 @@ rule ELASTIC_Linux_Cryptominer_Uwamson_C42Fd06D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Uwamson.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Uwamson.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8cfc38db2b860efcce5da40ce1e3992f467ab0b7491639d68d530b79529cda80" logic_hash = "4ff7aad11adaae8fccb23d36fc96937ba48a5517895a742f2864ba1973f3db3a" score = 75 
@@ -93713,8 +94464,8 @@ rule ELASTIC_Linux_Cryptominer_Uwamson_D08B1D2E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Uwamson.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Uwamson.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4f7ad24b53b8e255710e4080d55f797564aa8c270bf100129bdbe52a29906b78" logic_hash = "8f489bb020397beae91f7bce82bc1b47912deab1b79224158f79c53f1d7c7fd3" score = 75 @@ -93742,8 +94493,8 @@ rule ELASTIC_Linux_Cryptominer_Uwamson_0797De34 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Uwamson.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Uwamson.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e4699e35ce8091f97decbeebff63d7fa8c868172a79f9d9d52b6778c3faab8f2" logic_hash = "7ab5dd99d8bbef61ec764900df5bebf39ed90833a8f9481c427cbb46faf2c521" score = 75 
@@ -93771,8 +94522,8 @@ rule ELASTIC_Linux_Cryptominer_Uwamson_41E36585 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Uwamson.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Uwamson.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8cfc38db2b860efcce5da40ce1e3992f467ab0b7491639d68d530b79529cda80" logic_hash = "e176523afe8c3394ddda41a5ef11f825fed1e149476709a7c1ea26b8af72d4fc" score = 75 @@ -93800,8 +94551,8 @@ rule ELASTIC_Windows_Trojan_Havoc_77F3D40E : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Havoc.yar#L1-L35" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Havoc.yar#L1-L35" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3427dac129b760a03f2c40590c01065c9bf2340d2dfa4a4a7cf4830a02e95879" logic_hash = "3d2733ed24d90e9e851ec36a08c497e9c90b47c3dcbb8755e3f6b6a6bd3a8b54" score = 75 
@@ -93845,8 +94596,8 @@ rule ELASTIC_Windows_Trojan_Havoc_9C7Bb863 : FILE MEMORY date = "2023-04-28" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Havoc.yar#L37-L56" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Havoc.yar#L37-L56" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "261b92d9e8dcb9d0abf1627b791831ec89779f2b7973b1926c6ec9691288dd57" logic_hash = "c1245c38c54b0a72fb335680d9ea191390e4e2fe7e47a3ed776878c5e01a3e16" score = 75 @@ -93875,8 +94626,8 @@ rule ELASTIC_Windows_Trojan_Havoc_88053562 : FILE MEMORY date = "2024-01-04" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Havoc.yar#L58-L76" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Havoc.yar#L58-L76" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2f0b59f8220edd0d34fba92905faf0b51aead95d53be8b5f022eed7e21bdb4af" logic_hash = "f79b39cc2ca4bbf6ad4b6585a9914a75797110d6fb68bcb7141c5c3d0429c412" score = 75 
@@ -93895,6 +94646,46 @@ rule ELASTIC_Windows_Trojan_Havoc_88053562 : FILE MEMORY
 condition:
 all of them
 }
+rule ELASTIC_Windows_Trojan_Havoc_Ffecc8Af : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Trojan Havoc (Windows.Trojan.Havoc)"
+ author = "Elastic Security"
+ id = "ffecc8af-4a64-4252-b7ca-3316d27c3942"
+ date = "2024-04-29"
+ modified = "2024-05-08"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Havoc.yar#L78-L107"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
+ hash = "495d323651c252e38814b77b9c6c913b9489e769252ac8bbaf8432f15e0efe44"
+ logic_hash = "c9da6215db1de91a6cd52dd6558dc5a60bbd69abc6fa0db8714f001cdae20ddb"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "d09b0519d518b741cec7f6e42efaa657410edd36d027f54e515be510b33fa821"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $commands_table = { 0B 00 00 00 00 00 00 00 [8] 64 00 00 00 00 00 00 00 [8] 15 00 00 00 00 00 00 00 [8] 10 10 00 00 00 00 00 00 [8] 0C 00 00 00 00 00 00 00 [8] 0F 00 00 00 00 00 00 00 [8] 14 00 00 00 00 00 00 00 [8] 01 20 00 00 00 00 00 00 [8] 03 20 00 00 00 00 00 00 [8] C4 09 00 00 00 00 00 00 [8] CE 09 00 00 00 00 00 00 [8] D8 09 00 00 00 00 00 00 [8] 34 08 00 00 00 00 00 00 [8] 16 00 00 00 00 00 00 00 [8] 18 00 00 00 00 00 00 00 [8] 1A 00 00 00 00 00 00 00 [8] 28 00 00 00 00 00 00 00 [8] E2 09 00 00 00 00 00 00 [8] EC 09 00 00 00 00 00 00 [8] F6 09 00 00 00 00 00 00 [8] 00 0A 00 00 00 00 00 00 [8] 5C 00 00 00 00 00 00 00 }
+ $hash_ldrloaddll = { 43 6A 45 9E }
+ $hash_ldrgetprocedureaddress = { B6 6B CE FC }
+ $hash_ntaddbootentry = { 76 C7 FC 8C }
+ $hash_ntallocatevirtualmemory = { EC B8 83 F7 }
+ $hash_ntfreevirtualmemory = { 09 C6 02 28 }
+ $hash_ntunmapviewofsection = { CD 12 A4 6A }
+ $hash_ntwritevirtualmemory = { 92 01 17 C3 }
+ $hash_ntsetinformationvirtualmemory = { 39 C2 6A 94 }
+ $hash_ntqueryvirtualmemory = { 5D E8 C0 10 }
+ $hash_ntopenprocesstoken = { 99 CA 0D 35 }
+ $hash_ntopenthreadtoken = { D2 47 33 80 }
+
+ condition:
+ $commands_table and 4 of ($hash_*)
+}
 rule ELASTIC_Multi_Trojan_Mythic_4Beb7E17 : FILE MEMORY
 {
 meta:
@@ -93904,8 +94695,8 @@ rule ELASTIC_Multi_Trojan_Mythic_4Beb7E17 : FILE MEMORY
 date = "2023-08-01"
 modified = "2023-09-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Multi_Trojan_Mythic.yar#L1-L28"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Multi_Trojan_Mythic.yar#L1-L28"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "7b3b7bae1763f3c73df206f97065920fa55b973d22c967acb3d26ac8e89e60c7"
 score = 75
 quality = 75
@@ -93942,8 +94733,8 @@ rule ELASTIC_Windows_Vulndriver_Biostar_D6Cc23Af : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Biostar.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Biostar.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1d0397c263d51e9fc95bcc8baf98d1a853e1c0401cd0e27c7bf5da3fba1c93a8" logic_hash = "6a1f5de3a0daf446ceb812a9f5749410a3a7752dce44e935adc288c95816f59d" score = 75 @@ -93973,8 +94764,8 @@ rule ELASTIC_Windows_Vulndriver_Biostar_68682378 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Biostar.yar#L23-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Biostar.yar#L23-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "55fee54c0d0d873724864dc0b2a10b38b7f40300ee9cae4d9baaf8a202c4049a" logic_hash = "8510de6fc33bde153f3bd4d1bb8b0d98ce69aae479d242c6043ac8c712dbb888" score = 75 
@@ -94004,8 +94795,8 @@ rule ELASTIC_Windows_Vulndriver_Biostar_684A5123 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Biostar.yar#L45-L65" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Biostar.yar#L45-L65" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d205286bffdf09bc033c09e95c519c1c267b40c2ee8bab703c6a2d86741ccd3e" logic_hash = "7c0c7e14f9b5085a87e5dbe27feb8e49bdb4d2fdcfbcbc643999d7969d118240" score = 75 @@ -94035,8 +94826,8 @@ rule ELASTIC_Windows_Vulndriver_Biostar_E0B6Cf55 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Biostar.yar#L67-L85" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Biostar.yar#L67-L85" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e" logic_hash = "dccbf6fa46de1a8bc6438578b651055e2d02d15bd04461be74059e6fde40fca3" score = 75 
@@ -94064,8 +94855,8 @@ rule ELASTIC_Windows_Backdoor_Dragoncastling_4Ecf6F9F : FILE MEMORY date = "2022-11-08" modified = "2022-12-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Backdoor_DragonCastling.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Backdoor_DragonCastling.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9776c7ae6ca73f87d7c838257a5bcd946372fbb77ebed42eebdfb633b13cd387" logic_hash = "26ff86354230f1006bd451eab5c1634b91888330d124a06dd2dfa5ab515d6e1a" score = 75 @@ -94101,8 +94892,8 @@ rule ELASTIC_Windows_Trojan_Masslogger_511B001E : FILE MEMORY date = "2022-03-02" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_MassLogger.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_MassLogger.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "177875c756a494872c516000beb6011cec22bd9a73e58ba6b2371dba2ab8c337" logic_hash = "5abac5e32e55467710842e19c25cab5c7f1cdb0f8a68fb6808d54467c69ebdf6" score = 75 
@@ -94135,8 +94926,8 @@ rule ELASTIC_Windows_Trojan_Caesarkbd_32Bb198B : FILE date = "2022-04-04" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_CaesarKbd.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_CaesarKbd.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d4335f4189240a3bcafa05fab01f0707cc8e3dd7a2998af734c24916d9e37ca8" logic_hash = "f708706524515f98ebf612ac98318ee7172347096251d9ccd723f439070521de" score = 75 @@ -94164,8 +94955,8 @@ rule ELASTIC_Linux_Trojan_Merlin_Bbad69B8 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Merlin.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Merlin.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d9955487f7d08f705e41a5ff848fb6f02d6c88286a52ec837b7b555fb422d1b6" logic_hash = "e18079c9f018dc8d7f2fdf5c950b405f9f84ad2a5b18775dbef829fe1cb770c3" score = 75 
@@ -94193,8 +94984,8 @@ rule ELASTIC_Linux_Trojan_Merlin_C6097296 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Merlin.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Merlin.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d9955487f7d08f705e41a5ff848fb6f02d6c88286a52ec837b7b555fb422d1b6" logic_hash = "f48ed7f19ab29633600fde4bfea274bf36e7f60d700c9806b334d38a51d28b92" score = 75 @@ -94222,8 +95013,8 @@ rule ELASTIC_Windows_Hacktool_Cpulocker_73B41444 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_CpuLocker.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_CpuLocker.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "dbfc90fa2c5dc57899cc75ccb9dc7b102cb4556509cdfecde75b36f602d7da66" logic_hash = "8fb33744326781c51bb6bd18d0574602256b813b62ec8344d5338e6442bb2de0" score = 75 
@@ -94249,16 +95040,16 @@ rule ELASTIC_Windows_Trojan_Latrodectus_841Ff697 : FILE MEMORY author = "Elastic Security" id = "841ff697-f389-497a-b813-3b9e19cba26e" date = "2024-03-13" - modified = "2024-03-21" + modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Latrodectus.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Latrodectus.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "aee22a35cbdac3f16c3ed742c0b1bfe9739a13469cf43b36fb2c63565111028c" - logic_hash = "824f40ef7e9d5f1cae4f85fa2d6697c98ee5e24238f2a2d1bb1b4917f72597b3" + logic_hash = "aa1a4813a18b4eb4f07e805ff9c87523ad74f59c0ed538212918335eaeee29d7" score = 75 quality = 75 tags = "FILE, MEMORY" - fingerprint = "e52d8706aeeedb09d5e4e223af74d8de2f136a20db96c0a823c1e8b3af379e19" + fingerprint = "8f095e7909860471e2702b247f4cefa694b698c236e67844ef0b0b7714518a18" severity = 100 arch_context = "x86" scan_context = "file, memory" 
@@ -94267,11 +95058,16 @@ rule ELASTIC_Windows_Trojan_Latrodectus_841Ff697 : FILE MEMORY strings: $Str1 = { 48 83 EC 38 C6 44 24 20 73 C6 44 24 21 63 C6 44 24 22 75 C6 44 24 23 62 C6 44 24 24 } - $Str2 = { 48 89 44 24 40 EB 02 EB 90 48 8B 4C 24 20 E8 1B D7 FF FF 48 8B 44 24 40 48 81 C4 E8 02 00 00 C3 CC CC 48 81 EC B8 00 00 00 } - $Str3 = { 44 24 68 BA 03 00 00 00 48 8B 4C 24 48 FF 15 ED D1 00 00 85 C0 75 14 48 8B 4C 24 50 E8 73 3E 00 00 B8 FF FF FF FF E9 A6 00 } + $crc32_loadlibrary = { 48 89 44 24 40 EB 02 EB 90 48 8B 4C 24 20 E8 ?? ?? FF FF 48 8B 44 24 40 48 81 C4 E8 02 00 00 C3 } + $delete_self = { 44 24 68 BA 03 00 00 00 48 8B 4C 24 48 FF 15 ED D1 00 00 85 C0 75 14 48 8B 4C 24 50 E8 ?? ?? 00 00 B8 FF FF FF FF E9 A6 00 } + $Str4 = { 89 44 24 44 EB 1F C7 44 24 20 00 00 00 00 45 33 C9 45 33 C0 33 D2 48 8B 4C 24 48 FF 15 7E BB 00 00 89 44 24 44 83 7C 24 44 00 75 02 EB 11 48 8B 44 24 48 EB 0C 33 C0 85 C0 0F 85 10 FE FF FF 33 } + $handler_check = { 83 BC 24 D8 01 00 00 12 74 36 83 BC 24 D8 01 00 00 0E 74 2C 83 BC 24 D8 01 00 00 0C 74 22 83 BC 24 D8 01 00 00 0D 74 18 83 BC 24 D8 01 00 00 0F 74 0E 83 BC 24 D8 01 00 00 04 0F 85 44 02 00 00 } + $hwid_calc = { 48 89 4C 24 08 48 8B 44 24 08 69 00 0D 66 19 00 48 8B 4C 24 08 89 01 48 8B 44 24 08 8B 00 C3 } + $string_decrypt = { 89 44 24 ?? 48 8B 44 24 ?? 0F B7 40 ?? 8B 4C 24 ?? 33 C8 8B C1 66 89 44 24 ?? 48 8B 44 24 ?? 48 83 C0 ?? 48 89 44 24 ?? 33 C0 66 89 44 24 ?? EB ?? } + $campaign_fnv = { 48 03 C8 48 8B C1 48 39 44 24 08 73 1E 48 8B 44 24 08 0F BE 00 8B 0C 24 33 C8 8B C1 89 04 24 69 04 24 93 01 00 01 89 04 24 EB BE } condition: - any of them + 2 of them } rule ELASTIC_Windows_Hacktool_Sharpmove_05E28928 : FILE MEMORY { 
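Review bot: `$delete_self` and `$Str4` still pin the displacement of their indirect calls (`FF 15 ED D1 00 00` and `FF 15 7E BB 00 00`), although this same update wildcards the `E8` call displacements, so both patterns remain tied to one binary layout. With the condition tightened from `any of them` to `2 of them`, a string that matches only a single build contributes little toward the new threshold. Writing those calls as `FF 15 ?? ?? ?? ??` would be consistent with the `E8 ?? ?? 00 00` change, provided the result is checked against the sample named in the rule's `hash` field and against a clean-file corpus. Since this file is a vendored YARA Forge bundle, the change belongs in the upstream rule rather than in this copy; the rule header and meta section lie outside this hunk.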
@@ -94282,8 +95078,8 @@ rule ELASTIC_Windows_Hacktool_Sharpmove_05E28928 : FILE MEMORY date = "2022-11-20" modified = "2023-01-11" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_SharpMove.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_SharpMove.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "051f60f9f4665b96f764810defe9525ae7b4f9898249b83a23094cee63fa0c3b" logic_hash = "021a56dd47d9929e71b82b00d24aa8969a31945681dcf414c69b8d175fb0b6eb" score = 75 @@ -94315,8 +95111,8 @@ rule ELASTIC_Windows_Ransomware_Cuba_E64A16B1 : FILE MEMORY date = "2021-08-04" modified = "2021-10-04" reference = "https://www.elastic.co/security-labs/cuba-ransomware-campaign-analysis" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Cuba.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Cuba.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "33352a38454cfc247bc7465bf177f5f97d7fd0bd220103d4422c8ec45b4d3d0e" logic_hash = "915425ad49f1b9ebde114f92155d5969ec707304403f46d891d014b399165a4d" score = 75 
@@ -94345,8 +95141,8 @@ rule ELASTIC_Windows_Ransomware_Cuba_95A98E69 : FILE MEMORY date = "2021-08-04" modified = "2021-10-04" reference = "https://www.elastic.co/security-labs/cuba-ransomware-campaign-analysis" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Cuba.yar#L23-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Cuba.yar#L23-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "00f18713f860dc8394fb23a1a2b6280d1eb2f20a487c175433a7b495a1ba408d" logic_hash = "d17ef93943e826613be4c21ad1e41d1daa33db9da0fa6106bb8ba6334ebe1d08" score = 75 @@ -94376,8 +95172,8 @@ rule ELASTIC_Linux_Rootkit_Dakkatoni_010D3Ac2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Rootkit_Dakkatoni.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Rootkit_Dakkatoni.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "38b2d033eb5ce87faa4faa7fcac943d9373e432e0d45e741a0c01d714ee9d4d3" logic_hash = "51119321f29aed695e09da22d3234eae96db93e8029d4525d018e56c7131f7b8" score = 75 
@@ -94405,8 +95201,8 @@ rule ELASTIC_Linux_Ransomware_Itssoeasy_30Bd68E0 : FILE MEMORY date = "2023-07-28" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_ItsSoEasy.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_ItsSoEasy.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "efb1024654e86c0c30d2ac5f97d27f5f27b4dd3f7f6ada65d58691f0d703461c" logic_hash = "a8838af442d1106bc9a7df93d6d8335ff0275bf5928acbb605e9bad58ce6bbd4" score = 75 @@ -94435,8 +95231,8 @@ rule ELASTIC_Windows_Trojan_Qbot_D91C1384 : FILE MEMORY date = "2021-07-08" modified = "2021-08-23" reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Qbot.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Qbot.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "18ac3870aaa9aaaf6f4a5c0118daa4b43ad93d71c38bf42cb600db3d786c6dda" logic_hash = "8fd8249a2af236c92ccbc20b2a8380f69ca75976bd64bad167828e9ab4c6ed90" score = 75 
@@ -94464,8 +95260,8 @@ rule ELASTIC_Windows_Trojan_Qbot_7D5Dc64A : FILE MEMORY date = "2021-10-04" modified = "2022-01-13" reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Qbot.yar#L22-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Qbot.yar#L22-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a2bacde7210d88675564106406d9c2f3b738e2b1993737cb8bf621b78a9ebf56" logic_hash = "5c8858502050494ab20a230f04c2c1cb4bfcd80f4a248dad82787d7ce67c741d" score = 75 @@ -94494,8 +95290,8 @@ rule ELASTIC_Windows_Trojan_Qbot_6Fd34691 : FILE MEMORY date = "2022-03-07" modified = "2022-04-12" reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Qbot.yar#L44-L64" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Qbot.yar#L44-L64" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0838cd11d6f504203ea98f78cac8f066eb2096a2af16d27fb9903484e7e6a689" logic_hash = "9422d9f276f0c8c2990ece3282d918abc6fcce7eeb6809d46ae6b768a501a877" score = 75 
@@ -94524,8 +95320,8 @@ rule ELASTIC_Windows_Trojan_Qbot_3074A8D4 : FILE MEMORY date = "2022-06-07" modified = "2022-07-18" reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Qbot.yar#L66-L97" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Qbot.yar#L66-L97" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c2ba065654f13612ae63bca7f972ea91c6fe97291caeaaa3a28a180fb1912b3a" logic_hash = "90c06bd09fe640bb5a6be8e4f2384fb15c7501674d57db005e790ed336740c99" score = 75 @@ -94565,8 +95361,8 @@ rule ELASTIC_Windows_Trojan_Qbot_1Ac22A26 : FILE MEMORY date = "2022-12-29" modified = "2023-02-01" reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Qbot.yar#L99-L136" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Qbot.yar#L99-L136" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c2ba065654f13612ae63bca7f972ea91c6fe97291caeaaa3a28a180fb1912b3a" logic_hash = "d9beaf4a8c28a0b3c38dda6bf22a96b8c96ef715bd36de880504a9f970338fe2" score = 75 
@@ -94612,8 +95408,8 @@ rule ELASTIC_Linux_Backdoor_Tinyshell_67Ee6Fae : FILE MEMORY date = "2021-10-12" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Backdoor_Tinyshell.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Backdoor_Tinyshell.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9d2e25ec0208a55fba97ac70b23d3d3753e9b906b4546d1b14d8c92f8d8eb03d" logic_hash = "200d4267e21b8934deecc48273294f2e34464fcb412e39f3f5a006278631b9f1" score = 75 @@ -94644,8 +95440,8 @@ rule ELASTIC_Linux_Trojan_Masan_5369C678 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Masan.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Masan.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f2de9f39ca3910d5b383c245d8ca3c1bdf98e2309553599e0283062e0aeff17f" logic_hash = "e57b105004216a6054b0561b69cce00c35255c5bd33aa8e403d0a3967cd0697e" score = 75 
@@ -94673,8 +95469,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_364F3B7B : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0d4c43bf0cdd6486a4bcab988517e58b8c15d276f41600e596ecc28b0b728e69" logic_hash = "5950195453232e4752b58c9e466c4df1b5ca2b22d5325730de69cd4178438aa7" score = 75 @@ -94702,8 +95498,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_3A2Ed31B : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ebbf3bc39ec661e2029d88960a5608e348de92089099019348bc0e891841690f" logic_hash = "30cd10e38cbda719d9c344efd813e9a19e738a5251e3622957c8349e94366a29" score = 75 
@@ -94731,8 +95527,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_7448814C : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e95d0783b635e34743109d090af17aef2e507e8c90060d171e71d9ac79e083ba" logic_hash = "0024b2cc22bf6c2dfc3b73ba91080cea8d502659db38d94b19338382e2fc0c84" score = 75 @@ -94760,8 +95556,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_2Fa988E3 : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "679392e78d4abefc05b885e43aaccc2da235bd7f2a267c6ecfbe2cf824776993" logic_hash = "55c3992ca62ebaf8d45aff818d3261838d239f2004125689ea81edca2cfa59c2" score = 75 
@@ -94789,8 +95585,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Ea8801Ac : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "7acccfd8c2e5555a3e3bf979ad2314c12a939c1ef32b66e61e30a712f07164fd" logic_hash = "00a7f71a0559f937ace15465059147839598897467db6176040882d86111bcd2" score = 75 @@ -94818,8 +95614,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_B2Ebdebd : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "dee49d4b7f406fd1728dad4dc217484ced2586e014e2cd265ea64eff70a2633d" logic_hash = "a9d6ffa65b503f9aa13a0054fa92e346c86585418b6b72131efc00340f8ec224" score = 75 
@@ -94847,8 +95643,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_9190D516 : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "837ffed1f23293dc9c7cb994601488fc121751a249ffde51326947c33c5fca7f" logic_hash = "370248d2b6bb625d65f160b62f1b4a7d2809f3fedfb98a009b19dab61f0ba57e" score = 75 @@ -94876,8 +95672,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_3B460716 : FILE MEMORY CVE_2016_5195 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8c4d49d4881ebdab1bd0e083d4e644cfc8eb7af3b96664598526ab3d175fc420" logic_hash = "759e08c9e3405d841aa467c3343cfac01fed9e9d86aca90139d0eae8855942e5" score = 75 
@@ -94905,8 +95701,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Ccfd7518 : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b1017db71cf195aa565c57fed91ff1cdfcce344dc76526256d5817018f1351bf" logic_hash = "02720152af167f1a7e5707f97aa920c6d955458df58d8ef0d9eba868da6a16af" score = 75 @@ -94934,8 +95730,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_D41C2C63 : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L181-L199" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L181-L199" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a4e5751b4e8fa2e9b70e1e234f435a03290c414f9547dc7709ce2ee4263a35f1" logic_hash = "c9460cfc2b6d686145be9afd3ed670619f04c7155b03caa193222cba8405160d" score = 75 
@@ -94963,8 +95759,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Ffa7F059 : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L201-L219" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L201-L219" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a073c6be047ea7b4500b1ffdc8bdadd9a06f9efccd38c88e0fc976b97b2b2df5" logic_hash = "b558066b80232ceb32c625f49a0ddeccd4b3bc52e664e5a72f2aa7361bcec352" score = 75 @@ -94992,8 +95788,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Fb24C7E4 : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L221-L239" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L221-L239" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a073c6be047ea7b4500b1ffdc8bdadd9a06f9efccd38c88e0fc976b97b2b2df5" logic_hash = "17a2a628f2d1fa088a1e0c5b2ad3f08e24b8504033b328c944b9ae83a5d12fcc" score = 75 
@@ -95021,8 +95817,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_B45098Df : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L241-L259" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L241-L259" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e053aca86570b3781b3e08daab51382712270d2a375257c8b5789d3d87149314" logic_hash = "4622551b73a12c5399df1f4e052ce32b4cee04486a870bc92942c8597dcad1f7" score = 75 @@ -95050,8 +95846,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_9C67A994 : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L261-L279" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L261-L279" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "70429d67402a43ed801e295b1ae1757e4fccd5d786c09ee054591ae51dfc1b25" logic_hash = "742ce59fadefe242ca97d8ce603976fa8b5e1ba55ede38434c04dcd6f4891712" score = 75 
@@ -95079,8 +95875,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Ab87C1Ed : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L281-L299" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L281-L299" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c13c32d3a14cbc9c2580b1c76625cce8d48c5ae683230149a3f41640655e7f28" logic_hash = "737f5ff982d2b656918ad3258ca20bce2ec416f2af743335b9a87a86f78be810" score = 75 @@ -95108,8 +95904,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_F1C0482A : FILE MEMORY CVE_2016_5195 date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L301-L319" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L301-L319" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a12a1e8253ee1244b018fd3bdcb6b7729dfe16e06aed470f6b08344a110a4061" logic_hash = "084ba60d8464ef5bf3a3aa942bb88caf447c6cee3ebf023157bd261226057663" score = 75 
@@ -95137,8 +95933,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_6Cab0Ec0 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Metasploit.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Metasploit.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "7ab5490dca314b442181f9a603252ad7985b719c8aa35ddb4c3aa4b26dcc8a42" logic_hash = "c19fe812b74b034bfb42c0e2ee552d879ed038e054c5870b85e7e610d3184198" score = 75 @@ -95166,8 +95962,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_293Bfea9 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Metasploit.yar#L21-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Metasploit.yar#L21-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "7ab5490dca314b442181f9a603252ad7985b719c8aa35ddb4c3aa4b26dcc8a42" logic_hash = "b8bd0d034a6306f99333723d77724ae53c1a189dad3fad7417f2d2fde214c24a" score = 75 
@@ -95198,8 +95994,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_448Fa81D : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Metasploit.yar#L44-L64" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Metasploit.yar#L44-L64" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "7ab5490dca314b442181f9a603252ad7985b719c8aa35ddb4c3aa4b26dcc8a42" logic_hash = "ab0608920b9f632bad99e1358f21a88bc6048f46fca21a488a1a10b7ef1e42ae" score = 75 @@ -95229,8 +96025,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_768Df39D : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/shell_reverse_tcp.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Metasploit.yar#L66-L85" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Metasploit.yar#L66-L85" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "140ba93d57b27325f66b36132ecaab205663e3e582818baf377e050802c8d152" score = 75 quality = 75 
@@ -95258,8 +96054,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_7Ce0B709 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/shell_bind_tcp.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Metasploit.yar#L87-L106" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Metasploit.yar#L87-L106" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "56fc05ece464d562ff6e56247756454c940c07b03c4a4c783b2bae4d5807247a" score = 75 quality = 75 @@ -95287,8 +96083,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_F11Ccdac : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/shell_find_port.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Metasploit.yar#L108-L127" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Metasploit.yar#L108-L127" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "fcf578d3e98b591b33cb6f4bec1b9e92a7e1a88f0b56f3c501f9089d2094289c" score = 75 quality = 75 
@@ -95316,8 +96112,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_D9B16F4C : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/vforkshell_bind_tcp.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Metasploit.yar#L129-L148" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Metasploit.yar#L129-L148" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "8e082878fb52f6314ec8c725dd279447ee8a0fc403c47ffd997712adb496e7c3" score = 75 quality = 75 @@ -95345,8 +96141,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_2992B917 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/vforkshell_reverse_tcp.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Metasploit.yar#L150-L169" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Metasploit.yar#L150-L169" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "10056ffb719092f83ad236a63ef6fa1f40568e500c042bd737575997bb67a8ec" score = 75 quality = 75 
@@ -95374,8 +96170,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_27D409F1 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x64/shell_bind_tcp.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Metasploit.yar#L171-L190" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Metasploit.yar#L171-L190" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "b757e0ab6665a3e4846c6bbe4386e9d9a730ece00a2453933ce771aec2dd716e" score = 75 quality = 75 @@ -95403,8 +96199,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_65A2394B : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/stages/osx/x86/vforkshell.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Metasploit.yar#L192-L211" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Metasploit.yar#L192-L211" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "f01f671b0bf9fa53aa3383c88ba871742f0e55dbdae4278f440ed29f35eb1ca1" score = 75 quality = 75 
@@ -95432,8 +96228,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_C7B7A90B : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/stagers/osx/x86/reverse_tcp.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Metasploit.yar#L213-L232" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Metasploit.yar#L213-L232" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "d4b1f01bf8434dd69188d2ad0b376fad3a4d9c94ebe74d40f05019baf95b5496" score = 75 quality = 75 @@ -95461,8 +96257,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_4Bd6Aaca : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/stagers/osx/x86/bind_tcp.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Metasploit.yar#L234-L253" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Metasploit.yar#L234-L253" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "a3de610ced90679f6fa0dcdf7890a64369c774839ea30018a7ef6fe9289d3d17" score = 75 quality = 75 
@@ -95490,8 +96286,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_5E5B685F : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Metasploit.yar#L255-L273" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Metasploit.yar#L255-L273" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "cdf0a3c07ef1479b53d49b8f22a9f93adcedeea3b869ef954cc043e54f65c3d0" logic_hash = "003fb4f079b125f37899a2b3cb62d80edd5b3e5ccbed5bc1ea514a4a173d329d" score = 75 @@ -95519,8 +96315,8 @@ rule ELASTIC_Windows_Vulndriver_Winflash_881758Da : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_WinFlash.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_WinFlash.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8596ea3952d84eeef8f5dc5b0b83014feb101ec295b2d80910f21508a95aa026" logic_hash = "a46ac1f19ba5d9543c88434575870b61fbb935cd4c4e28cb80a077502af7d2db" score = 75 
@@ -95548,8 +96344,8 @@ rule ELASTIC_Windows_Ransomware_Lockbit_89E64044 : FILE MEMORY date = "2021-08-06" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Lockbit.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Lockbit.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0d6524b9a1d709ecd9f19f75fa78d94096e039b3d4592d13e8dbddf99867182d" logic_hash = "bd504b078704b9f307a50c8556c143eee061015a9727670137aadc47ae93e2a6" score = 75 @@ -95579,8 +96375,8 @@ rule ELASTIC_Windows_Ransomware_Lockbit_A1C60939 : FILE MEMORY date = "2021-08-06" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Lockbit.yar#L23-L41" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Lockbit.yar#L23-L41" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0d6524b9a1d709ecd9f19f75fa78d94096e039b3d4592d13e8dbddf99867182d" logic_hash = "6e6d88251e93f69788ad22fc915133f3ba0267984d6a5004d5ca44dcd9f5f052" score = 75 
@@ -95608,8 +96404,8 @@ rule ELASTIC_Windows_Ransomware_Lockbit_369E1E94 : FILE MEMORY date = "2022-07-05" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Lockbit.yar#L43-L67" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Lockbit.yar#L43-L67" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee" logic_hash = "c34dafc024d85902b85fc3424573abb8781d6fab58edd86c255266db3635ce98" score = 75 @@ -95643,8 +96439,8 @@ rule ELASTIC_Windows_Trojan_Systembc_5E883723 : FILE MEMORY date = "2022-03-22" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_SystemBC.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_SystemBC.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b432805eb6b2b58dd957481aa8a973be58915c26c04630ce395753c6a5196b14" logic_hash = "fde2e0b5debd4d26838fb245fdf8e5103ab5aab9feff900cbba00c1950adc61a" score = 75 
@@ -95668,6 +96464,40 @@ rule ELASTIC_Windows_Trojan_Systembc_5E883723 : FILE MEMORY condition: all of them } +rule ELASTIC_Windows_Trojan_Systembc_C1B58C2F : FILE MEMORY +{ + meta: + description = "Detects Windows Trojan Systembc (Windows.Trojan.SystemBC)" + author = "Elastic Security" + id = "c1b58c2f-8bbf-4c03-9f53-13ab2fb081cc" + date = "2024-05-02" + modified = "2024-05-08" + reference = "https://github.com/elastic/protections-artifacts/" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_SystemBC.yar#L26-L49" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" + hash = "016fc1db90d9d18fe25ed380606346ef12b886e1db0d80fe58c22da23f6d677d" + logic_hash = "16ed14dac0c30500c5e91759b0a1b321f3bd53ae6aab1389a685582eba72c222" + score = 75 + quality = 75 + tags = "FILE, MEMORY" + fingerprint = "dfbf98554e7fb8660e4eebd6ad2fadc394fc2a4168050390370ec358f6af1c1d" + severity = 100 + arch_context = "x86" + scan_context = "file, memory" + license = "Elastic License v2" + os = "windows" + + strings: + $a1 = "GET %s HTTP/1.0" ascii fullword + $a2 = "HOST1:" + $a3 = "PORT1:" + $a4 = "-WindowStyle Hidden -ep bypass -file \"" ascii fullword + $a5 = "BEGINDATA" ascii fullword + $a6 = "socks32.dll" ascii fullword + + condition: + 5 of them +} rule ELASTIC_Linux_Trojan_Kinsing_196523Fa : FILE MEMORY { meta: 
@@ -95677,8 +96507,8 @@ rule ELASTIC_Linux_Trojan_Kinsing_196523Fa : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Kinsing.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Kinsing.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "baa5808fcf22700ae96844dbf8cb3bec52425eec365d2ba4c71b73ece11a69a2" score = 75 quality = 75 @@ -95705,8 +96535,8 @@ rule ELASTIC_Linux_Trojan_Kinsing_7Cdbe9Fa : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Kinsing.yar#L20-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Kinsing.yar#L20-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b3527e3d03a30fcf1fdaa73a1b3743866da6db088fbfa5f51964f519e22d05e6" logic_hash = "c6f5d2cf0430301ec0eae57808100203b69428f258e0e6882fecbc762d73f4bf" score = 75 
@@ -95734,8 +96564,8 @@ rule ELASTIC_Linux_Trojan_Kinsing_2C1Ffe78 : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Kinsing.yar#L40-L58" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Kinsing.yar#L40-L58" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b3527e3d03a30fcf1fdaa73a1b3743866da6db088fbfa5f51964f519e22d05e6" logic_hash = "9561511710eef5877c5afa49890b77fbad31a6e312b5cd33fc01f91ff2a73583" score = 75 @@ -95763,8 +96593,8 @@ rule ELASTIC_Linux_Trojan_Kinsing_85276Fb4 : FILE MEMORY date = "2021-12-13" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Kinsing.yar#L60-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Kinsing.yar#L60-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b3527e3d03a30fcf1fdaa73a1b3743866da6db088fbfa5f51964f519e22d05e6" logic_hash = "6919afd133e7e369eece10ea79d9d17a1a3fbb6210593395e0be157f8c262811" score = 75 
@@ -95792,8 +96622,8 @@ rule ELASTIC_Linux_Backdoor_Bash_E427876D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Backdoor_Bash.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Backdoor_Bash.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "07db41a4ddaac802b04df5e5bbae0881fead30cb8f6fa53a8a2e1edf14f2d36b" logic_hash = "fdd066b746416730419787d21eb53fa2ba997679a237d9db3a2e1365d43df892" score = 75 @@ -95821,8 +96651,8 @@ rule ELASTIC_Windows_Ransomware_Nightsky_A7F19411 : FILE MEMORY date = "2022-01-11" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Nightsky.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Nightsky.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1fca1cd04992e0fcaa714d9dfa97323d81d7e3d43a024ec37d1c7a2767a17577" logic_hash = "defc7ab43035c663302edfda60a4b57cb301b3d61662afe3ce1de2ac93cfc3e2" score = 75 
@@ -95853,8 +96683,8 @@ rule ELASTIC_Windows_Ransomware_Nightsky_253C4D0D : FILE MEMORY date = "2022-03-14" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Nightsky.yar#L24-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Nightsky.yar#L24-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2c940a35025dd3847f7c954a282f65e9c2312d2ada28686f9d1dc73d1c500224" logic_hash = "ba9e6dab664e464e0fdc65bd8bdccc661846d85e7fd8fbf089e72e9e5b71fb17" score = 75 @@ -95882,8 +96712,8 @@ rule ELASTIC_Windows_Trojan_Nimplant_44Ff3211 : FILE MEMORY date = "2023-06-23" modified = "2023-07-10" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Nimplant.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Nimplant.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b56e20384f98e1d2417bb7dcdbfb375987dd075911b74ea7ead082494836b8f4" logic_hash = "ee519d8d722404ed440b385d283a41921bc34ee11f0e7273cdc074b377494c39" score = 75 
@@ -95913,8 +96743,8 @@ rule ELASTIC_Windows_Trojan_Nanocore_D8C4E3C5 : FILE MEMORY date = "2021-06-13" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Nanocore.yar#L1-L29" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Nanocore.yar#L1-L29" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd" logic_hash = "fcc13e834cd8a1f86b453fe3c0333cd358e129d6838a339a824f1a095d85552d" score = 75 @@ -95952,8 +96782,8 @@ rule ELASTIC_Windows_Trojan_Bazar_711D59F6 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Bazar.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Bazar.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f29253139dab900b763ef436931213387dc92e860b9d3abb7dcd46040ac28a0e" logic_hash = "3bde62b468c44bdc18878fd369a7f0cf06f7be64149587a11524f725fa875f69" score = 75 
@@ -95981,8 +96811,8 @@ rule ELASTIC_Windows_Trojan_Bazar_9Dddea36 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Bazar.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Bazar.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "63df43daa61f9a0fbea2e5409b8f0063f7af3363b6bc8d6984ce7e90c264727d" logic_hash = "cf88e2e896fce742ad3325d53523167d6eb42188309ed4e66f73601bbb85574e" score = 75 @@ -96010,8 +96840,8 @@ rule ELASTIC_Windows_Trojan_Bazar_3A2Cc53B : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Bazar.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Bazar.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b057eb94e711995fd5fd6c57aa38a243575521b11b98734359658a7a9829b417" logic_hash = "8cde37be646dbcf7e7f5e3f28f0fe8c95480861c62fa2ee8cdd990859313756c" score = 75 
@@ -96039,8 +96869,8 @@ rule ELASTIC_Windows_Trojan_Bazar_De8D625A : FILE MEMORY date = "2022-01-14" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Bazar.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Bazar.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1ad9ac4785b82c8bfa355c7343b9afc7b1f163471c41671ea2f9152a1b550f0c" logic_hash = "5fd7bb4ac818ec1b4bfcb7d236868a31b2f726182407c07c7f06c1d7e9c15d02" score = 75 @@ -96068,8 +96898,8 @@ rule ELASTIC_Linux_Trojan_Ipstorm_3C43D4A7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ipstorm.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ipstorm.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5103133574615fb49f6a94607540644689be017740d17005bc08b26be9485aa7" logic_hash = "c7e9191312197f8925d7231d0b8badf8b5ca35685df909c0d1feb301b4385d7b" score = 75 
@@ -96097,8 +96927,8 @@ rule ELASTIC_Linux_Trojan_Ipstorm_F9269F00 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ipstorm.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ipstorm.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5103133574615fb49f6a94607540644689be017740d17005bc08b26be9485aa7" logic_hash = "5914d222b49aaf6c1040e48ffd93c04bd5df25f1d97bde79b034862fca6555f6" score = 75 @@ -96126,8 +96956,8 @@ rule ELASTIC_Linux_Trojan_Ipstorm_08Bcf61C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ipstorm.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ipstorm.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "503f293d84de4f2c826f81a68180ad869e0d1448ea6c0dbf09a7b23801e1a9b9" logic_hash = "fb2755c04b61d19788a92b8c9c1c9eb2552b62b27011e302840fdcf689b3d9b4" score = 75 
@@ -96155,8 +96985,8 @@ rule ELASTIC_Windows_Ransomware_Egregor_F24023F3 : BETA FILE MEMORY date = "2020-10-15" modified = "2021-08-23" reference = "https://www.bankinfosecurity.com/egregor-ransomware-adds-to-data-leak-trend-a-15110" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Egregor.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Egregor.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "5695b44f6ce018a91a99b6c94feae740ff4ac187e232bc9044e51d62d1f42bfa" score = 75 quality = 75 @@ -96189,8 +97019,8 @@ rule ELASTIC_Windows_Ransomware_Egregor_4Ec2B90C : BETA FILE MEMORY date = "2020-10-15" modified = "2021-08-23" reference = "https://www.bankinfosecurity.com/egregor-ransomware-adds-to-data-leak-trend-a-15110" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Egregor.yar#L27-L48" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Egregor.yar#L27-L48" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "8342d92e1486b1289645828e5ee5f1f6f21a0e645dd7cc4eca908ed59c2f1c4c" score = 75 quality = 73 
@@ -96220,8 +97050,8 @@ rule ELASTIC_Linux_Trojan_Backconnect_C6803B39 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Backconnect.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Backconnect.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a5e6b084cdabe9a4557b5ff8b2313db6c3bb4ba424d107474024030115eeaa0f" logic_hash = "02750b2788c2912bba0fc8594f6a12c75ce1f41d1075acf7c920f6e616ab65c7" score = 75 @@ -96249,8 +97079,8 @@ rule ELASTIC_Windows_Vulndriver_Eneio_6E01882F : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_EneIo.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_EneIo.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "175eed7a4c6de9c3156c7ae16ae85c554959ec350f1c8aaa6dfe8c7e99de3347" logic_hash = "144ac5375cb637b6301a2275f2412fbd0d0c5fb23105c7cce5aa7912cf68fa2c" score = 75 
@@ -96278,8 +97108,8 @@ rule ELASTIC_Windows_Vulndriver_Asrock_986D2D3C : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Asrock.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Asrock.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3943a796cc7c5352aa57ccf544295bfd6fb69aae147bc8235a00202dc6ed6838" logic_hash = "d767a1ecdff557753f80ac9d73f02364dd035f7a287d0f260316f807364af2d5" score = 75 @@ -96307,8 +97137,8 @@ rule ELASTIC_Windows_Vulndriver_Asrock_Cdf192F9 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Asrock.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Asrock.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2003b478b9fd1b3d76ec5bf4172c2e8915babbbee7ad1783794acbf8d4c2519d" logic_hash = "2f844b6d3fa19fd39097395175162578ad71d78c61dad104efd320cd8285fa6b" score = 75 
@@ -96336,8 +97166,8 @@ rule ELASTIC_Windows_Vulndriver_Asrock_0Eca57Dc : FILE date = "2023-07-20" modified = "2023-07-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Asrock.yar#L41-L62" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Asrock.yar#L41-L62" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9d9346e6f46f831e263385a9bd32428e01919cca26a035bbb8e9cb00bf410bc3" hash = "a0728184caead84f2e88777d833765f2d8af6a20aad77b426e07e76ef91f5c3f" logic_hash = "82a0cba571dc58ed8d3fd87d3650ec0c1016e6c8e972547f6120ba91c8febce1" @@ -96368,8 +97198,8 @@ rule ELASTIC_Linux_Trojan_Lala_51Deb1F9 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Lala.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Lala.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f3af65d3307fbdc2e8ce6e1358d1413ebff5eeb5dbedc051394377a4dabffa82" logic_hash = "73a7ec230be9aabcc301095c9c075f839852155419bdd8d5542287f34699ab33" score = 75 
@@ -96397,8 +97227,8 @@ rule ELASTIC_Windows_Ransomware_Hive_55619Cd0 : FILE MEMORY date = "2021-08-26" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Hive.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Hive.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "50ad0e6e9dc72d10579c20bb436f09eeaa7bfdbcb5747a2590af667823e85609" logic_hash = "51e2b03a9f9b92819bbf05ecbb33a23662a40e7d51f9812aa8243c4506057f1f" score = 75 @@ -96428,8 +97258,8 @@ rule ELASTIC_Windows_Ransomware_Hive_3Ed67Fe6 : FILE MEMORY date = "2021-08-26" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Hive.yar#L23-L45" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Hive.yar#L23-L45" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "50ad0e6e9dc72d10579c20bb436f09eeaa7bfdbcb5747a2590af667823e85609" logic_hash = "a599f0d528bdbec00afa7e9a5cddec5e799ee755a7f30af70dde7d2459b70155" score = 75 
@@ -96461,8 +97291,8 @@ rule ELASTIC_Windows_Ransomware_Hive_B97Ec33B : FILE MEMORY date = "2021-08-26" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Hive.yar#L47-L65" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Hive.yar#L47-L65" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "50ad0e6e9dc72d10579c20bb436f09eeaa7bfdbcb5747a2590af667823e85609" logic_hash = "10034d9f53fd5099a423269e0c42c01eac18318f5d11599e1390912c8fd7af25" score = 75 @@ -96490,8 +97320,8 @@ rule ELASTIC_Windows_Trojan_A310Logger_520Cd7Ec : FILE MEMORY date = "2022-01-11" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_A310logger.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_A310logger.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "60fb9597e5843c72d761525f73ca728409579d81901860981ebd84f7d153cfa3" logic_hash = "6095ce913e3fb1cfc2f1b091598fc06b2dfec30c2353be7df08dcbb1a06b07c3" score = 75 
@@ -96523,8 +97353,8 @@ rule ELASTIC_Linux_Trojan_Badbee_231Cb054 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Badbee.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Badbee.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "832ba859c3030e58b94398ff663ddfe27078946a83dcfc81a5ef88351d41f4e2" logic_hash = "a1ed8f2da9b4f891a5c65d943424bb7c465f0d07e7756e292c617ce5ef14d182" score = 75 @@ -96552,8 +97382,8 @@ rule ELASTIC_Linux_Exploit_Alie_E69De1Ee : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Alie.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Alie.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "882839549f062ab4cbe6df91336ed320eaf6c2300fc2ed64d1877426a0da567d" logic_hash = "bb4625751c924b9ff5d32cc044fcff68892e82d9e94d679c4e4c8286f680a854" score = 75 
@@ -96581,8 +97411,8 @@ rule ELASTIC_Windows_Trojan_Asyncrat_11A11Ba1 : FILE MEMORY date = "2021-08-05" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Asyncrat.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Asyncrat.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1" logic_hash = "c6c4ce9ccf01c280be6c25c0c82c34b601626bc200b84d3e77b08be473335d3d" score = 75 @@ -96615,8 +97445,8 @@ rule ELASTIC_Linux_Ransomware_Clop_728Cf32A : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_Clop.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_Clop.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "09d6dab9b70a74f61c41eaa485b37de9a40c86b6d2eae7413db11b4e6a8256ef" logic_hash = "31c2fdfcfc46ad1dd69489536172937b9771d8505f36c7bd8dc796f40a2fe4d2" score = 75 
@@ -96647,8 +97477,8 @@ rule ELASTIC_Windows_Trojan_Downtown_901C4Fdd : FILE MEMORY date = "2023-05-10" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_DownTown.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_DownTown.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "6368d37fa9ba4e32131e16bceaee322f2fa8507873d01ebd687536e593354725" score = 75 quality = 75 @@ -96677,8 +97507,8 @@ rule ELASTIC_Windows_Trojan_Downtown_145Ecd2F : FILE MEMORY date = "2023-08-23" modified = "2023-09-20" reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_DownTown.yar#L23-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_DownTown.yar#L23-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "744a51c5317e265177185d9d0b8838a8fc939b4c56cc5e5bc51d5432d046d9f1" score = 75 quality = 75 
@@ -96708,8 +97538,8 @@ rule ELASTIC_Windows_Trojan_Emotet_18379A8D : FILE MEMORY date = "2021-11-17" modified = "2022-01-13" reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Emotet.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Emotet.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "eeb13cd51faa7c23d9a40241d03beb239626fbf3efe1dbbfa3994fc10dea0827" logic_hash = "2ad72ce2a352b91a4fa597ee9e796035298cfcee6fdc13dd3f64579d8da96b97" score = 75 @@ -96737,8 +97567,8 @@ rule ELASTIC_Windows_Trojan_Emotet_5528B3B0 : FILE MEMORY date = "2021-11-17" modified = "2022-01-13" reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Emotet.yar#L22-L41" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Emotet.yar#L22-L41" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "eeb13cd51faa7c23d9a40241d03beb239626fbf3efe1dbbfa3994fc10dea0827" logic_hash = "bb784ab0e064bafa8450b6bb15ef534af38254ea3c096807571c2c27f7cdfd76" score = 75 
@@ -96766,8 +97596,8 @@ rule ELASTIC_Windows_Trojan_Emotet_1943Bbf2 : FILE MEMORY date = "2021-11-18" modified = "2022-01-13" reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Emotet.yar#L43-L62" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Emotet.yar#L43-L62" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5abec3cd6aa066b1ddc0149a911645049ea1da66b656c563f9a384e821c5db38" logic_hash = "41838e335b9314b8759922f23ec8709f46e6a26633f3685ac98ada5828191d35" score = 75 @@ -96795,8 +97625,8 @@ rule ELASTIC_Windows_Trojan_Emotet_Db7D33Fa : FILE MEMORY date = "2022-05-09" modified = "2022-06-09" reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Emotet.yar#L64-L90" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Emotet.yar#L64-L90" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "08c23400ff546db41f9ddbbb19fa75519826744dde3b3afb38f3985266577afc" logic_hash = "e220c112c15f384fde6fc2286b01c7eb9bedcf4817d02645d0fa7afb05e7b593" score = 75 
@@ -96831,8 +97661,8 @@ rule ELASTIC_Windows_Trojan_Emotet_D6Ac1Ea4 : FILE MEMORY date = "2022-05-24" modified = "2022-06-09" reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Emotet.yar#L92-L114" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Emotet.yar#L92-L114" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2c6709d5d2e891d1ce26fdb4021599ac10fea93c7773f5c00bea8e5e90404b71" logic_hash = "9b37940ea8752c6db52d4f09225de0389438c41468a11a7cda8f28b191192ef9" score = 75 @@ -96863,8 +97693,8 @@ rule ELASTIC_Windows_Trojan_Emotet_77C667B9 : FILE MEMORY date = "2022-11-07" modified = "2022-12-20" reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Emotet.yar#L116-L144" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Emotet.yar#L116-L144" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ffac0120c3ae022b807559e8ed7902fde0fa5f7cb9c5c8d612754fa498288572" logic_hash = "f11769fe5e9789b451e8826c5fd22bde5b3eb9f7af1d5fec7eec71700fc1f482" score = 75 
@@ -96901,8 +97731,8 @@ rule ELASTIC_Windows_Trojan_Emotet_8B9449C1 : FILE MEMORY date = "2022-11-09" modified = "2022-12-20" reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Emotet.yar#L146-L166" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Emotet.yar#L146-L166" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ffac0120c3ae022b807559e8ed7902fde0fa5f7cb9c5c8d612754fa498288572" logic_hash = "5501354ebc1d97fe5ce894d5907adb29440f557f2dd235e1e983ae2d109199a2" score = 75 @@ -96931,8 +97761,8 @@ rule ELASTIC_Windows_Trojan_Pikabot_8C6750B5 : FILE MEMORY date = "2023-06-05" modified = "2023-06-19" reference = "https://www.elastic.co/security-labs/pikabot-i-choose-you" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_PikaBot.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_PikaBot.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "59f42ecde152f78731e54ea27e761bba748c9309a6ad1c2fd17f0e8b90f8aed1" logic_hash = "03e36f927513625d1dd997c79843b1b14e344e8411155740213d7aff9794c5c6" score = 75 
@@ -96965,8 +97795,8 @@ rule ELASTIC_Windows_Trojan_Pikabot_5B220E9C : FILE MEMORY date = "2024-02-06" modified = "2024-02-08" reference = "https://www.elastic.co/security-labs/pikabot-i-choose-you" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_PikaBot.yar#L27-L52" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_PikaBot.yar#L27-L52" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d836b06b0118e6d258e318b1cfdc509cacc0859c6a6b3d7c5f4d2525e00d97b2" logic_hash = "1d2158716b7c32734f12f8528352a3872e21fea2f9b21a36d6ac44fcd50a9f3c" score = 75 @@ -97000,8 +97830,8 @@ rule ELASTIC_Windows_Trojan_Pikabot_5441F511 : FILE MEMORY date = "2024-02-15" modified = "2024-02-21" reference = "https://www.elastic.co/security-labs/pikabot-i-choose-you" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_PikaBot.yar#L54-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_PikaBot.yar#L54-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "fa44408874c6a007212dfc206cbecbac7a3e50df94da4ce02de2e04e9119c79f" score = 75 quality = 75 
@@ -97034,8 +97864,8 @@ rule ELASTIC_Windows_Trojan_Pikabot_95Db8B5A : FILE MEMORY date = "2024-02-15" modified = "2024-02-21" reference = "https://www.elastic.co/security-labs/pikabot-i-choose-you" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_PikaBot.yar#L80-L103" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_PikaBot.yar#L80-L103" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "74073ceae1b26b953b7644d56a2ec92993b83802a30ce82c6921df5448ebab06" score = 75 quality = 75 @@ -97067,8 +97897,8 @@ rule ELASTIC_Windows_Hacktool_Sharpview_2C7603Ad : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_SharpView.yar#L1-L34" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_SharpView.yar#L1-L34" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c0621954bd329b5cabe45e92b31053627c27fa40853beb2cce2734fa677ffd93" logic_hash = "1f80b2fd6121c2b36742c819a56626af2e1450dac0f62c67d93f09e4e140b75f" score = 75 
@@ -97111,8 +97941,8 @@ rule ELASTIC_Linux_Cryptominer_Minertr_9901E275 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Minertr.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Minertr.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f77246a93782fd8ee40f12659f41fccc5012a429a8600f332c67a7c2669e4e8f" logic_hash = "a18e0763fe9aec6d89b39cefb872b1751727e2d88ec4733b9c8b443b83219763" score = 75 @@ -97140,8 +97970,8 @@ rule ELASTIC_Linux_Trojan_Azeela_Aad9D6Cc : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Azeela.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Azeela.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "6c476a7457ae07eca3d3d19eda6bb6b6b3fa61fa72722958b5a77caff899aaa6" logic_hash = "efc8b5de42a2ee2104dc8e8c25b313f6ced2fb291ba27dc8276822960dd7eb74" score = 75 
@@ -97169,8 +97999,8 @@ rule ELASTIC_Windows_Vulndriver_Cpuz_A53D1446 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_Cpuz.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_Cpuz.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8c95d28270a4a314299cf50f05dcbe63033b2a555195d2ad2f678e09e00393e6" logic_hash = "37da20f5fe1377fe85594055dc811424f52e53a9d77060c6784c2e4d1279e26f" score = 75 @@ -97200,8 +98030,8 @@ rule ELASTIC_Windows_Hacktool_Safetykatz_072B7370 : FILE MEMORY date = "2022-11-20" modified = "2023-01-11" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_SafetyKatz.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_SafetyKatz.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "89a456943cf6d2b3cd9cdc44f13a23640575435ed49fa754f7ed358c1a3b6ba9" logic_hash = "cedd3ede487371a8e0d29804f2b81ae808c7ad01bd803fa39dc2c50e472cff43" score = 75 
@@ -97233,8 +98063,8 @@ rule ELASTIC_Macos_Trojan_Amcleaner_445Bb666 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Amcleaner.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Amcleaner.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c85bf71310882bc0c0cf9b74c9931fd19edad97600bc86ca51cf94ed85a78052"
 logic_hash = "664829ff761186ec8f3055531b5490b7516756b0aa9d0183d4c17240a5ca44c4"
 score = 75
@@ -97262,8 +98092,8 @@ rule ELASTIC_Macos_Trojan_Amcleaner_A91D3907 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Amcleaner.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Amcleaner.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "dc9c700f3f6a03ecb6e3f2801d4269599c32abce7bc5e6a1b7e6a64b0e025f58"
 logic_hash = "e61ceea117acf444a6b137b93d7c335c6eb8a7e13a567177ec4ea44bf64fd5c6"
 score = 75
@@ -97291,8 +98121,8 @@ rule ELASTIC_Macos_Trojan_Amcleaner_8Ce3Fea8 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Amcleaner.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Amcleaner.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c85bf71310882bc0c0cf9b74c9931fd19edad97600bc86ca51cf94ed85a78052"
 logic_hash = "08c4b5b4afefbf1ee207525f9b28bc7eed7b55cb07f8576fddfa0bbe95002769"
 score = 75
@@ -97320,8 +98150,8 @@ rule ELASTIC_Windows_Hacktool_Rubeus_43F18623 : FILE MEMORY
 date = "2022-10-20"
 modified = "2022-11-24"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_Rubeus.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_Rubeus.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b7b4691ad1cdad7663c32d07e911a03d9cc8b104f724c2825fd4957007649235"
 logic_hash = "8714f30e12c0dc61c83491a71dbf9f1e9b6bc66663a8f2c069e7a7841d52cf68"
 score = 75
@@ -97357,8 +98187,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_E75472Fa : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Rekoobe.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Rekoobe.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "8d2a9e363752839a09001a9e3044ab7919daffd9d9aee42d936bc97394164a88"
 logic_hash = "e3e9934ee8ce6933f676949c5b5c82ad044ac32f08fe86697b0a0cf7fb63fc5e"
 score = 75
@@ -97386,8 +98216,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_52462Fe8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Rekoobe.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Rekoobe.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c1d8c64105caecbd90c6e19cf89301a4dc091c44ab108e780bdc8791a94caaad"
 logic_hash = "1ab6979392eeaa7bd6bd84f8d3531bd9071c54b58306a42dcfdd27bf7ec8f8cd"
 score = 75
@@ -97415,8 +98245,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_De9E7Bdf : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Rekoobe.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Rekoobe.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "447da7bee72c98c2202f1919561543e54ec1b9b67bd67e639b9fb6e42172d951"
 logic_hash = "bdc4a3e4eeffc0d32e6a86dda54beceab8301d0065731d9ade390392ab4c6126"
 score = 75
@@ -97444,8 +98274,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_B41F70C2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Rekoobe.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Rekoobe.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "19c1a54279be1710724fc75a112741575936fe70379d166effc557420da714cd"
 logic_hash = "02de55c537da1cc03af26a171c768ad87984e45983c3739f90ad9983c70e7ccf"
 score = 75
@@ -97473,8 +98303,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_1D307D7C : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Rekoobe.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Rekoobe.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "00bc669f79b2903c5d9e6412050655486111647c646698f9a789e481a7c98662"
 logic_hash = "de4807353d2ba977459a1bf7f51fd815e311c0bdc5fccd5e99fd44a766f6866f"
 score = 75
@@ -97502,8 +98332,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_7F7Aba78 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Rekoobe.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Rekoobe.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "50b73742726b0b7e00856e288e758412c74371ea2f0eaf75b957d73dfb396fd7"
 logic_hash = "a3b46d29fa51dd6a911cb9cb0e67e9d57d3f3b6697dc8edcc4d82f09d9819a92"
 score = 75
@@ -97531,8 +98361,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_Ab8Ba790 : FILE MEMORY
 date = "2022-09-12"
 modified = "2022-10-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Rekoobe.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Rekoobe.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "2aee0c74d9642ffab1f313179c26400acf60d7cbd2188bade28534d403f468d4"
 logic_hash = "2a7a71712ad3f756a2dc53ec80bd9fb625f7c679fd9566945ebfeb392b9874a9"
 score = 75
@@ -97560,8 +98390,8 @@ rule ELASTIC_Windows_Virus_Expiro_84E99Ff0 : FILE MEMORY
 date = "2023-09-26"
 modified = "2023-11-02"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Virus_Expiro.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Virus_Expiro.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "47107836ead700bddbe9e8a0c016b5b1443c785442b2addbb50a70445779bad7"
 logic_hash = "ce4847bf5850c1f30dca9603bfbbfbb69339285f096ac469c6d2d4b04f5562b4"
 score = 75
@@ -97590,8 +98420,8 @@ rule ELASTIC_Windows_Hacktool_Sharpstay_Eac706C5 : FILE MEMORY
 date = "2022-11-20"
 modified = "2023-01-11"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_SharpStay.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_SharpStay.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "498d201f65b57a007a79259ce7015eb7eb1bba660d44deafea716e36316a9caa"
 logic_hash = "b85679018658e33e81cd2589e9f99cf9ed16ac25b27d93bece26cb5ccc2e379a"
 score = 75
@@ -97623,8 +98453,8 @@ rule ELASTIC_Windows_Hacktool_Netfilter_E8243Dae : FILE
 date = "2022-04-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_NetFilter.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_NetFilter.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "760be95d4c04b10df89a78414facf91c0961020e80561eee6e2cb94b43b76510"
 logic_hash = "c551bd87e73f980d8836b13449490de5e639d768b72d9006d90969f3140b28e2"
 score = 75
@@ -97652,8 +98482,8 @@ rule ELASTIC_Windows_Hacktool_Netfilter_Dd576D28 : FILE
 date = "2022-04-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_NetFilter.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_NetFilter.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "88cfe6d7c81d0064045c4198d6ec7d3c50dc3ec8e36e053456ed1b50fc8c23bf"
 logic_hash = "7635ed94ca77c7705df4d2a9c5546ece86bf831b5bf5355943419174e0387b86"
 score = 75
@@ -97681,8 +98511,8 @@ rule ELASTIC_Windows_Hacktool_Netfilter_B4F2A520 : FILE
 date = "2022-04-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_NetFilter.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_NetFilter.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "5d0d5373c5e52c4405f4bd963413e6ef3490b7c4c919ec2d4e3fb92e91f397a0"
 logic_hash = "520d2194593f1622a3b905fe182a0773447a4eee3472e7701cce977f5bf4fbae"
 score = 75
@@ -97710,8 +98540,8 @@ rule ELASTIC_Windows_Hacktool_Netfilter_1Cae6E26 : FILE
 date = "2022-04-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_NetFilter.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_NetFilter.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "e2ec3b2a93c473d88bfdf2deb1969d15ab61737acc1ee8e08234bc5513ee87ea"
 logic_hash = "29c0edc03934e6e7275c3870a8808e03ec85dacb1f54e10efca3123d2257db98"
 score = 75
@@ -97739,8 +98569,8 @@ rule ELASTIC_Macos_Hacktool_Swiftbelt_Bc62Ede6 : FILE MEMORY
 date = "2021-10-12"
 modified = "2021-10-25"
 reference = "https://www.elastic.co/security-labs/inital-research-of-jokerspy"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Hacktool_Swiftbelt.yar#L1-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Hacktool_Swiftbelt.yar#L1-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "452c832a17436f61ad5f32ee1c97db05575160105ed1dcd0d3c6db9fb5a9aea1"
 logic_hash = "51481baa6ddb09cf8463d989637319cb26b23fef625cc1a44c96d438c77362ca"
 score = 75
@@ -97792,8 +98622,8 @@ rule ELASTIC_Linux_Virus_Staffcounter_D2D608A8 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "06e562b54b7ee2ffee229c2410c9e2c42090e77f6211ce4b9fa26459ff310315"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Virus_Staffcounter.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Virus_Staffcounter.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "e30f1312eb1cbbc4faba3f67527a4e0e955b5684a1ba58cdd82a7a0f1ce3d2b9"
 score = 75
 quality = 75
@@ -97820,8 +98650,8 @@ rule ELASTIC_Linux_Trojan_Skidmap_Aa7B661D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Skidmap.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Skidmap.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "4282ba9b7bee69d42bfff129fff45494fb8f7db0e1897fc5aa1e4265cb6831d9"
 logic_hash = "aa976158d004d582234a92ff648d4581440f9c933a0abef212d9d837d9607ba4"
 score = 75
@@ -97849,8 +98679,8 @@ rule ELASTIC_Windows_Trojan_Hijackloader_A8444812 : FILE MEMORY
 date = "2023-11-15"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_HijackLoader.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_HijackLoader.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "065c379a33ef1539e8a68fd4b7638fe8a30ec19fc128642ed0c68539656374b9"
 logic_hash = "6cd88adc7a0d35013a26d1135efb294ee6f9ddab99b4549e82d3d6f5f65509b6"
 score = 75
@@ -97883,8 +98713,8 @@ rule ELASTIC_Windows_Vulndriver_Vbox_3315863F : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_VBox.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_VBox.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "42d926cfb3794f9b1e3cb397498696cb687f505e15feb9df11b419c49c9af498"
 logic_hash = "ba4e6a94516e36dcd6140b6732d959703e2c58a79add705b9260001ea26db738"
 score = 75
@@ -97913,8 +98743,8 @@ rule ELASTIC_Windows_Vulndriver_Vbox_1B1C5Cd5 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_VBox.yar#L22-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_VBox.yar#L22-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "1684e24dae20ab83ab5462aa1ff6473110ec53f52a32cfb8c1fe95a2642c6d22"
 logic_hash = "5fcfffea021aee8d18172383df0e65f8c618fab545c800f1a7b659e8112c6c0f"
 score = 75
@@ -97944,8 +98774,8 @@ rule ELASTIC_Windows_Hacktool_Sleepobfloader_460A1A75 : FILE MEMORY
 date = "2024-01-24"
 modified = "2024-01-29"
 reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_SleepObfLoader.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_SleepObfLoader.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "84b3bc58ec04ab272544d31f5e573c0dd7812b56df4fa445194e7466f280e16d"
 logic_hash = "c0bc1b7ef71c1a91fc487f904315c6f187530ab39825f90f55ac36625d5b93cf"
 score = 75
@@ -97975,8 +98805,8 @@ rule ELASTIC_Linux_Trojan_Mirai_268Aac0B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead"
 logic_hash = "6eae3aba35d3379fa194b66a1b4e0d78d0d0b88386cd4ea5dfeb3c072642c7ba"
 score = 75
@@ -98004,8 +98834,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D5F2Abe2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c490586fbf90d360cf3b2f9e2dc943809441df3dfd64dadad27fc9f5ee96ec74"
 logic_hash = "169e7e5d1a7ea8c219464e22df9be8bc8caa2e78e1bc725674c8e0b14f6b9fc5"
 score = 75
@@ -98033,8 +98863,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1Cb033F3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L41-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L41-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "ebaf45ce58124aa91b07ebb48779e6da73baa0b80b13e663c13d8fb2bb47ad0d"
 score = 75
 quality = 75
@@ -98061,8 +98891,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Fa3Ad9D0 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L60-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L60-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6"
 logic_hash = "5890c85872ea4508e673235b20b481972f613f6e5f9564c0237c458995532347"
 score = 75
@@ -98090,8 +98920,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0Cb1699C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L80-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L80-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb"
 logic_hash = "97307f583240290de2bfc663b99f8dcdedace92885bd3e0c0340709b94c0bc2a"
 score = 75
@@ -98119,8 +98949,8 @@ rule ELASTIC_Linux_Trojan_Mirai_6F021787 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L100-L118"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L100-L118"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "88183d71359c16d91a3252085ad5a270ad3e196fe431e3019b0810ecfd85ae10"
 logic_hash = "7e8062682a0babbaa3c00975807ba9fc34c465afde55e4144944e7598f0ea1fd"
 score = 75
@@ -98148,8 +98978,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1E0C5Ce0 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L120-L138"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L120-L138"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d"
 logic_hash = "591cc3ef6932bf990f56c932866b34778e8eccd0e343f9bd6126eb8205a12ecc"
 score = 75
@@ -98177,8 +99007,8 @@ rule ELASTIC_Linux_Trojan_Mirai_22965A6D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L140-L158"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L140-L158"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "09c821aa8977f67878f8769f717c792d69436a951bb5ac06ce5052f46da80a48"
 logic_hash = "6b2a46694edf709d28267268252cfe95d88049b7dca854059cfe44479ada7423"
 score = 75
@@ -98206,8 +99036,8 @@ rule ELASTIC_Linux_Trojan_Mirai_4032Ade1 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L160-L178"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L160-L178"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "6150fbbefb916583a0e888dee8ed3df8ec197ba7c04f89fb24f31de50226e688"
 logic_hash = "9c5e24c4efd4035408897f638d3579c3798139fd18178cee4a944b49c13e1532"
 score = 75
@@ -98235,8 +99065,8 @@ rule ELASTIC_Linux_Trojan_Mirai_B14F4C5D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L180-L197"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L180-L197"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "1a2114a7b397c850d732940a0e154bc04fbee1fdc12d343947b343b9b27a8af1"
 score = 75
 quality = 75
@@ -98263,8 +99093,8 @@ rule ELASTIC_Linux_Trojan_Mirai_C8385B81 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L199-L217"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L199-L217"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "3d27736caccdd3199a14ce29d91b1812d1d597a4fa8472698e6df6ef716f5ce9"
 logic_hash = "4ff1f0912fb92e7ac5af49e1738dac897ff1f0a118d8ff905da45b0a91b3f4a7"
 score = 75
@@ -98292,8 +99122,8 @@ rule ELASTIC_Linux_Trojan_Mirai_122Ff2E6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L219-L237"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L219-L237"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c7dd999a033fa3edc1936785b87cd69ce2f5cac5a084ddfaf527a1094e718bc4"
 logic_hash = "62884309b9095cdd6219c9ef6cd77a0f712640d8a1db4afe5b1d01f4bbe5acc2"
 score = 75
@@ -98321,8 +99151,8 @@ rule ELASTIC_Linux_Trojan_Mirai_26Cba88C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L239-L257" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L239-L257" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4b4758bff3dcaa5640e340d27abba5c2e2b02c3c4a582374e183986375e49be8" logic_hash = "bb5a0f9e68655556ab9fccc27d11bf7828c299720bb67948455579d6a7eb2a9f" score = 75 @@ -98350,8 +99180,8 @@ rule ELASTIC_Linux_Trojan_Mirai_93Fc3657 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L259-L277" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L259-L277" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6" logic_hash = "0b5278feddd00b0b24ca735bf7cd1440379c6ce5aca6d2a6f38c9fdcedcb3c0d" score = 75 
@@ -98379,8 +99209,8 @@ rule ELASTIC_Linux_Trojan_Mirai_7C88Acbc : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L279-L296" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L279-L296" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "76373f8e09b7467ac5d36e8baad3025a57568e891434297e53f2629a72cf8929" score = 75 quality = 75 @@ -98407,8 +99237,8 @@ rule ELASTIC_Linux_Trojan_Mirai_804F8E7C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L298-L316" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L298-L316" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6" logic_hash = "711d74406d9b0d658b3b29f647bd659699ac0af9cd482403122124ec6054f1ec" score = 75 
@@ -98436,8 +99266,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A2D2E15A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L318-L336" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L318-L336" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "567c3ce9bbbda760be81c286bfb2252418f551a64ba1189f6c0ec8ec059cee49" logic_hash = "c76fe953c4a70110346a020f2b27c7e79f4ad8a24fd92ac26e5ddd1fed068f65" score = 75 @@ -98465,8 +99295,8 @@ rule ELASTIC_Linux_Trojan_Mirai_5946F41B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L338-L356" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L338-L356" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f0b6bf8a683f8692973ea8291129c9764269a6739650ec3f9ee50d222df0a38a" logic_hash = "43691675db419426413ccc24aa9dfe94456fa1007630652b08a625eafd1f17b8" score = 75 
@@ -98494,8 +99324,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Da4Aa3B3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L358-L376" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L358-L376" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "dbc246032d432318f23a4c1e5b6fcd787df29da3bf418613f588f758dcd80617" logic_hash = "84ddc505d2e2be955b88a0fe3b78d435f73c0a315b513e105933e84be78ba2ad" score = 75 @@ -98523,8 +99353,8 @@ rule ELASTIC_Linux_Trojan_Mirai_70Ef58F1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L378-L396" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L378-L396" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb" logic_hash = "3ad201d643e8f93a6f9075c03a76020d78186702a19bf9174b08688a2e94ef5c" score = 75 
@@ -98552,8 +99382,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ea584243 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L398-L416" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L398-L416" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f363d9bd2132d969cd41e79f29c53ef403da64ca8afc4643084cc50076ddfb47" logic_hash = "34c6f800c849c295797cdd971fb4f3d16d680530f9a98c291388345569708208" score = 75 @@ -98581,8 +99411,8 @@ rule ELASTIC_Linux_Trojan_Mirai_564B8Eda : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L418-L436" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L418-L436" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee" logic_hash = "4bf11492f480911629623250146554f2456f3a527f5f80402ef74b22c1460462" score = 75 
@@ -98610,8 +99440,8 @@ rule ELASTIC_Linux_Trojan_Mirai_7E9F85Fb : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L438-L456" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L438-L456" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4333e80fd311b28c948bab7fb3f5efb40adda766f1ea4bed96a8db5fe0d80ea1" logic_hash = "f4ce912e190bc5dcb56541f54ba8e47b6103c482bdc7e83b44693d2c066c0170" score = 75 @@ -98639,8 +99469,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3A85A418 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L458-L476" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L458-L476" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "86a43b39b157f47ab12e9dc1013b4eec0e1792092d4cef2772a21a9bf4fc518a" logic_hash = "bd7fe497fb2557c9e9c26ec90e783f03cbbc9bdaa8d20b364ce65edf6c1e5fa3" score = 75 
@@ -98668,8 +99498,8 @@ rule ELASTIC_Linux_Trojan_Mirai_24C5B7D6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L478-L496" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L478-L496" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "7c2f8ba2d6f1e67d1b4a3a737a449429c322d945d49dafb9e8c66608ab2154c4" logic_hash = "f790f6b8fcf932773054525ed74a3f15998d91a2626ae9c56486de8dabc2035c" score = 75 @@ -98697,8 +99527,8 @@ rule ELASTIC_Linux_Trojan_Mirai_99D78950 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L498-L516" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L498-L516" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6" logic_hash = "bfd628a9973f85ed0a8be2723c7ff4bd028af00ea98c9cbcde9df6aabcf394b2" score = 75 
@@ -98726,8 +99556,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3Fe3C668 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L518-L535" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L518-L535" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "e75b2dca7de7d9f31a0ae5940dc45d0e6d0f1ca110b5458fc99912400da97bde" score = 75 quality = 75 @@ -98754,8 +99584,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Eedfbfc6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L537-L555" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L537-L555" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b7342f7437a3a16805a7a8d4a667e0e018584f9a99591413650e05d21d3e6da6" logic_hash = "949b32db1a00570fc84fbbe510f57f6e898d089efd3fedbd7719f8059021b6bc" score = 75 
@@ -98783,8 +99613,8 @@ rule ELASTIC_Linux_Trojan_Mirai_6D96Ae91 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L557-L575" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L557-L575" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e3a1d92df6fb566e09c389cfb085126d2ea0f51a776ec099afb8913ef5e96f9b" logic_hash = "43b0ac7090620eb6c892f1105778c395bf18f5ac309ce1b2d9015b5abccbfc2a" score = 75 @@ -98812,8 +99642,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D8779A57 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L577-L595" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L577-L595" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c490586fbf90d360cf3b2f9e2dc943809441df3dfd64dadad27fc9f5ee96ec74" logic_hash = "2154786bbb6dbcc280aaa9e2b75106b585d04c7c85f6162f441c81dc54663cb3" score = 75 
@@ -98841,8 +99671,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3E72E107 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L597-L615" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L597-L615" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "57d04035b68950246dd152054e949008dafb810f3705710d09911876cd44aec7" logic_hash = "ba0ba56ded8977502ad9f8a1ceebd30efbff964d576bbfeedff5761f0538d8f0" score = 75 @@ -98870,8 +99700,8 @@ rule ELASTIC_Linux_Trojan_Mirai_5C62E6B2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L617-L635" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L617-L635" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9" logic_hash = "6505c4272f0f7c8c5f2d3f7cefdc3947c4015b0dfd94efde4357a506af93a99d" score = 75 
@@ -98899,8 +99729,8 @@ rule ELASTIC_Linux_Trojan_Mirai_C5430Ff9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L637-L655" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L637-L655" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5676773882a84d0efc220dd7595c4594bc824cbe3eeddfadc00ac3c8e899aa77" logic_hash = "8c385980560cd4b24e703744b57a9d5ea1bca8fbeea066e98dd4b40009e56104" score = 75 @@ -98928,8 +99758,8 @@ rule ELASTIC_Linux_Trojan_Mirai_402Adc45 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L657-L675" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L657-L675" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1ae0cd7e5bac967e31771873b4b41a1887abddfcdfcc76fa9149bb2054b03ca4" logic_hash = "dab879d57507d5e119ddf4ce6ed33570c74f185a2260e97a7ec1d6c844943e5d" score = 75 
@@ -98957,8 +99787,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A39Dfaa7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L677-L694" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L677-L694" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "98fde36fc412b6aa50c80c12118975a6bf754a9fba94f1cc3cdeed22565d6b0d" score = 75 quality = 75 @@ -98985,8 +99815,8 @@ rule ELASTIC_Linux_Trojan_Mirai_E3E6D768 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L696-L714" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L696-L714" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b505cb26d3ead5a0ef82d2c87a9b352cc0268ef0571f5e28defca7131065545e" logic_hash = "b848c7200f405d77553d661a6c49fb958df225875957ead35b35091995f307d1" score = 75 
@@ -99014,8 +99844,8 @@ rule ELASTIC_Linux_Trojan_Mirai_520Deeb8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L716-L733" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L716-L733" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "671c17835f30cce1e5d68dbf3a73d340069b1b55a2ac42fc132c008cb2da622e" score = 75 quality = 75 @@ -99042,8 +99872,8 @@ rule ELASTIC_Linux_Trojan_Mirai_77137320 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L735-L753" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L735-L753" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9" logic_hash = "ee48e0478845a61dbbdb5cc3ee5194eb272fcf6dcf139381f068c9af1557d0d4" score = 75 
@@ -99071,8 +99901,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A6A81F9C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L755-L772" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L755-L772" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "0d31cc1f4a673c13e6c81c492acbe16e1e0dfb0b15913fb276ea4abff18b32af" score = 75 quality = 75 @@ -99099,8 +99929,8 @@ rule ELASTIC_Linux_Trojan_Mirai_485C4B13 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L774-L792" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L774-L792" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead" logic_hash = "9625e4190559cc77f41ebef24f9bfa5e3d2e2259c12b301148c614b0f98b5835" score = 75 
@@ -99128,8 +99958,8 @@ rule ELASTIC_Linux_Trojan_Mirai_7146E518 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L794-L811" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L794-L811" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "374602254be1f5c1dbb00ad25d870722e03d674033dfcf953a2895e1f50c637d" score = 75 quality = 75 @@ -99156,8 +99986,8 @@ rule ELASTIC_Linux_Trojan_Mirai_6A77Af0F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L813-L830" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L813-L830" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "7d7623dfc1e16c7c02294607ddf46edd12cdc7d39a2b920d8711dc47c383731b" score = 75 quality = 75 
@@ -99184,8 +100014,8 @@ rule ELASTIC_Linux_Trojan_Mirai_5F7B67B8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L832-L849" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L832-L849" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "b2aedc0361c1093d7a996f26d907da3e4654c32a6dbcdbab441c19d4207f2e2a" score = 75 quality = 75 @@ -99212,8 +100042,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A3Cedc45 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L851-L869" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L851-L869" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1ae0cd7e5bac967e31771873b4b41a1887abddfcdfcc76fa9149bb2054b03ca4" logic_hash = "9233e6faa43d8ea43ff3c71ecb5248d5d311b2a593825c299cac4466278cd020" score = 75 
@@ -99241,8 +100071,8 @@ rule ELASTIC_Linux_Trojan_Mirai_7D05725E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L871-L889" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L871-L889" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb" logic_hash = "ac2d0b81325ce7984bc09f93e61b42c8e312a31c75f09d37313d70cd40d3cf8b" score = 75 @@ -99270,8 +100100,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Fa48B592 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L891-L909" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L891-L909" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c9e33befeec133720b3ba40bb3cd7f636aad80f72f324c5fe65ac7af271c49ee" logic_hash = "5648bcc96b1fdd1529b4b8765b1738594d0d61f7880b763e803cd89bd117e96b" score = 75 
@@ -99299,8 +100129,8 @@ rule ELASTIC_Linux_Trojan_Mirai_B9A9D04B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L911-L928" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L911-L928" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "61575576be4c1991bc381965a40e5d9d751bba2680a42907b0148651716419fc" score = 75 quality = 75 @@ -99327,8 +100157,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D2205527 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L930-L948" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L930-L948" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e4f584d1f75f0d7c98b325adc55025304d55907e8eb77b328c007600180d6f06" logic_hash = "172ba256873cce61047a5198733cacaff4ef343c9cbd76f2fbbf0e1ed8003236" score = 75 
@@ -99356,8 +100186,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ab073861 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L950-L968" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L950-L968" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "175444a9c9ca78565de4b2eabe341f51b55e59dec00090574ee0f1875422cbac" logic_hash = "251b92c4fec9d113025c6869c279247a3dd16ee094c8861fe43a33f87132bf75" score = 75 @@ -99385,8 +100215,8 @@ rule ELASTIC_Linux_Trojan_Mirai_637F2C04 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L970-L987" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L970-L987" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "cff4aa6c613ccc64f64441f7e40f79d3a22b5c12856c32814545bd41d5f112bd" score = 75 quality = 75 
@@ -99413,8 +100243,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Aa39Fb02 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L989-L1006" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L989-L1006" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "ffa95d92a2b619008bd5918cd34a17cd034b2830dc09d495db4b0c397b1cb53a" score = 75 quality = 75 @@ -99441,8 +100271,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0Bce98A2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1008-L1026" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1008-L1026" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80" logic_hash = "04d10ef03c178fb101d3c6b6d3b36f0aa04149b9b35a33c3d10d17af1fc07625" score = 75 
@@ -99470,8 +100300,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3A56423B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1028-L1045" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1028-L1045" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "0c2765a5c1b331eb9ff5e542bc72eff7be3506e6caef94128413d500086715c6" score = 75 quality = 75 @@ -99498,8 +100328,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D18B3463 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1047-L1065" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1047-L1065" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "cd86534d709877ec737ceb016b2a5889d2e3562ffa45a278bc615838c2e9ebc3" logic_hash = "f906c6f9baae6d6fa3f42e84607549bae44ed9ca847fd916d04f2671eef1caa1" score = 75 
@@ -99527,8 +100357,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Fe721Dc5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1067-L1084" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1067-L1084" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "e9312eefb5f14a27d96e973139e45098c2f62a24d5254ca24dea64b9888a4448" score = 75 quality = 75 @@ -99555,8 +100385,8 @@ rule ELASTIC_Linux_Trojan_Mirai_575F5Bc8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1086-L1103" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1086-L1103" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "dec143d096f5774f297ce90ef664ae50c40ae4f87843bbb34e496565c0faf3b2" score = 75 quality = 75 
@@ -99583,8 +100413,8 @@ rule ELASTIC_Linux_Trojan_Mirai_449937Aa : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1105-L1123" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1105-L1123" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "6f27766534445cffb097c7c52db1fca53b2210c1b10b75594f77c34dc8b994fe" logic_hash = "d459e46893115dbdef46bcaceb6a66255ef3a389f1bf7173b0e0bd0d8ce024fb" score = 75 @@ -99612,8 +100442,8 @@ rule ELASTIC_Linux_Trojan_Mirai_2E3F67A9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1125-L1143" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1125-L1143" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb" logic_hash = "8c83c5d32c58041444f33264f692a7580c76324d2cbad736fdd737bdfcd63595" score = 75 
@@ -99641,8 +100471,8 @@ rule ELASTIC_Linux_Trojan_Mirai_01E4A728 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1145-L1162" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1145-L1162" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "753936b97a36c774975a1d0988f6f908d4b5e5906498aa34c606d4cd971f1ba5" score = 75 quality = 75 @@ -99669,8 +100499,8 @@ rule ELASTIC_Linux_Trojan_Mirai_64D5Cde2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1164-L1182" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1164-L1182" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "caf2a8c199156db2f39dbb0a303db56040f615c4410e074ef56be2662752ca9d" logic_hash = "08f3635e5517185cae936b39f503bbeba5aed2e36abdd805170a259bc5e3644f" score = 75 
@@ -99698,8 +100528,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0D73971C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1184-L1202" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1184-L1202" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead" logic_hash = "56f3bac05fce0a0458e5b80197335e7bef6dcd50b9feb6f1008b8679f29cf37a" score = 75 @@ -99727,8 +100557,8 @@ rule ELASTIC_Linux_Trojan_Mirai_82C361D4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1204-L1222" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1204-L1222" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f8dbcf0fc52f0c717c8680cb5171a8c6c395f14fd40a2af75efc9ba5684a5b49" logic_hash = "766a964d7d35525fbc88adcf86fb69d11f9c63c0d28ceefb3ae79797a7161193" score = 75 
@@ -99756,8 +100586,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ec591E81 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1224-L1242" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1224-L1242" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "7d45a4a128c25f317020b5d042ab893e9875b6ff0ef17482b984f5b3fe87e451" logic_hash = "f2a147fe7f98d2b3141a1fda118ee803c81d9bc6f498bfaf3557665397eb44da" score = 75 @@ -99785,8 +100615,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0Eba3F5A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1244-L1262" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1244-L1262" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2e4f89c76dfefd4b2bfd1cf0467ac0324026355723950d12d7ed51195fd998cf" logic_hash = "bcb2f1e1659102f39977fac43b119c58d6c72f828c3065e2318f671146e911da" score = 75 
@@ -99814,8 +100644,8 @@ rule ELASTIC_Linux_Trojan_Mirai_E43A8744 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1264-L1282" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1264-L1282" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f363d9bd2132d969cd41e79f29c53ef403da64ca8afc4643084cc50076ddfb47" logic_hash = "17c52d2b720fa2e98c3e9bb077525a695a6e547a66e8c44fcc1e26e48df81adf" score = 75 @@ -99843,8 +100673,8 @@ rule ELASTIC_Linux_Trojan_Mirai_6E8E9257 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1284-L1301" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1284-L1301" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "67973257e578783838f18dc8ae994f221ad1c1b3f4a04a2b6b523da5ebd8c95b" score = 75 quality = 75 
@@ -99871,8 +100701,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ac253E4F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1303-L1321" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1303-L1321" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9" logic_hash = "1ab463fce01148c2cc95659fdf8b05e597d9b4eeabe81a9cdfa1da3632d72291" score = 75 @@ -99900,8 +100730,8 @@ rule ELASTIC_Linux_Trojan_Mirai_994535C4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1323-L1341" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1323-L1341" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "376a2771a2a973628e22379b3dbb9a8015c828505bbe18a0c027b5d513c9e90d" logic_hash = "c83c8c9cdfea1bf322115e5b23d751b226a5dbf42fc41faac172d36192ccf31f" score = 75 
@@ -99929,8 +100759,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A68E498C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1343-L1361" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1343-L1361" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6" logic_hash = "e4552813dc92b397c5ba78f32ee6507520f337b55779a3fc705de7e961f8eb8f" score = 75 @@ -99958,8 +100788,8 @@ rule ELASTIC_Linux_Trojan_Mirai_88De437F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1363-L1381" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1363-L1381" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6" logic_hash = "233dbf3d13c35f4c9c7078d67ea60086355c801ce6515f9d3c518e95afd39d85" score = 75 
@@ -99987,8 +100817,8 @@ rule ELASTIC_Linux_Trojan_Mirai_95E0056C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1383-L1401" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1383-L1401" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380" logic_hash = "9e34891d28034d1f4fc3da5cb99df8fc74f0b876903088f5eab5fe36e0e0e603" score = 75 @@ -100016,8 +100846,8 @@ rule ELASTIC_Linux_Trojan_Mirai_B548632D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1403-L1421" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1403-L1421" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "639d9d6da22e84fb6b6fc676a1c4cfd74a8ed546ce8661500ab2ef971242df07" logic_hash = "bfb46457f8b79548726e3988d649f94e04f26f9e546aae70ece94defae6bab8a" score = 75 
@@ -100045,8 +100875,8 @@ rule ELASTIC_Linux_Trojan_Mirai_E0Cf29E2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1423-L1440" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1423-L1440" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "693e27da8cbab32954cc2c9ba648151ad9fc21fe53251628145d7b436ec5e976" score = 75 quality = 75 @@ -100073,8 +100903,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1754B331 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1442-L1460" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1442-L1460" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "0d89fc59d0de2584af0e4614a1561d1d343faa766edfef27d1ea96790ac7014b" logic_hash = "fde04b0e31a00326f9d011198995999ff9b15628f5ff4139ec7dec19ac0c59c9" score = 75 
@@ -100102,8 +100932,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3278F1B8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1462-L1480" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1462-L1480" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb" logic_hash = "4d709e8e2062099ac06b241408e52bcb86bbf8163faaffbcff68a05f864e1b3f" score = 75 @@ -100131,8 +100961,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ab804Bb7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1482-L1500" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1482-L1500" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "8f0cc764729498b4cb9c5446f1a84cde54e828e913dc78faf537004a7df21b20" logic_hash = "cef2ffafe152332502fb0d72d014c81b90dc9ad4f4491f1b2f2f9c1f73cc7958" score = 75 
@@ -100160,8 +100990,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Dca3B9B4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1502-L1520" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1502-L1520" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a839437deba6d30e7a22104561e38f60776729199a96a71da3a88a7c7990246a" logic_hash = "f85dfc1c00706d7ac11ef35c41c471383ef8b019a5c2566b27072a5ef5ad5c93" score = 75 @@ -100189,8 +101019,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ae9D0Fa6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1522-L1539" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1522-L1539" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "8da5b14b95d96de5ced8bcab98e23973e449c1b5ca101f39a2114bb8e74fd9a5" score = 75 quality = 75 
@@ -100217,8 +101047,8 @@ rule ELASTIC_Linux_Trojan_Mirai_612B407C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1541-L1559" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1541-L1559" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "7833bc89778461a9f46cc47a78c67dda48b498ee40b09a80a21e67cb70c6add1" logic_hash = "6514725a32f7c28be7de5ff6fe1363df7c50e2cd6c8c79824ec4cbeadda2ca31" score = 75 @@ -100246,8 +101076,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D5Da717F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1561-L1579" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1561-L1579" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1f6bcdfc7d1c56228897cd7548266bb0b9a41b913be354036816643ac21b6f66" logic_hash = "034dae5bea7536e8c8aa22b8b891b9c991b94f04be12c9fe6d78ddf07a2365d9" score = 75 
@@ -100275,8 +101105,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D33095D4 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1581-L1599" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1581-L1599" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "72326a3a9160e9481dd6fc87159f7ebf8a358f52bf0c17fbc3df80217d032635" logic_hash = "b7feaec65d72907d08c98b09fb4ac494ceee7d7bd51c09063363c617e3f057a4" score = 75 @@ -100304,8 +101134,8 @@ rule ELASTIC_Linux_Trojan_Mirai_4E2246Fb : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1601-L1619" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1601-L1619" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1f6bcdfc7d1c56228897cd7548266bb0b9a41b913be354036816643ac21b6f66" logic_hash = "6d2e1300286751a5e1ae683e9aab2f59bfbb20d1cc18dcce89c06ecadf25a3e6" score = 75 
@@ -100333,8 +101163,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D5981806 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1621-L1639" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1621-L1639" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "784f2005853b5375efaf3995208e4611b81b8c52f67b6dc139fd9fec7b49d9dc" logic_hash = "e625323543aa5c8374a179dfa51c3f5be1446459c45fa7c7a27ae383cf0f551b" score = 75 @@ -100362,8 +101192,8 @@ rule ELASTIC_Linux_Trojan_Mirai_C6055Dc9 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1641-L1659" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1641-L1659" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c1718d7fdeef886caa33951e75cbd9139467fa1724605fdf76c8cdb1ec20e024" logic_hash = "4d9d7c44f0d3ae60275720ae5faf3c25c368aa6e7d9ab5ed706a30f9a7ffd3b8" score = 75 
@@ -100391,8 +101221,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3B9675Fd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1661-L1679" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1661-L1679" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4ec4bc88156bd51451fdaf0550c21c799c6adacbfc654c8ec634ebca3383bd66" logic_hash = "61ff7cb8d664291de5cf0c82b80cf0f4001c41d3f02b7f4762f67eb8128df15d" score = 75 @@ -100420,8 +101250,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1C0D246D : FILE MEMORY date = "2021-04-13" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1681-L1700" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1681-L1700" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "211cfe9d158c8a6840a53f2d1db2bf94ae689946fffb791eed3acceef7f0e3dd" logic_hash = "7a101e6d2265e09eb6c8d0f1a2fe54c9aa353dfd8bd156926937f4aec86c3ef1" score = 75 
@@ -100450,8 +101280,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ad337D2F : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "012b717909a8b251ec1e0c284b3c795865a32a1f4b79706d2254a4eb289c30a7" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1702-L1720" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1702-L1720" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "dba630c1deb00b0dbd9f895a9b93393bc634150c8f32527b02d8dd71dc806e7d" score = 75 quality = 75 @@ -100478,8 +101308,8 @@ rule ELASTIC_Linux_Trojan_Mirai_88A1B067 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "1a62db02343edda916cbbf463d8e07ec2ad4509fd0f15a5f6946d0ec6c332dd9" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1722-L1740" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1722-L1740" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "0755f1f974734ccd4ecc444217bf52ed306d1dc32c05841ba9ca6d259e1a147e" score = 75 quality = 75 
@@ -100506,8 +101336,8 @@ rule ELASTIC_Linux_Trojan_Mirai_76Bbc4Ca : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "1a9ff86a66d417678c387102932a71fd879972173901c04f3462de0e519c3b51" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1742-L1760" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1742-L1760" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "855b7938b92b5645fcefd2ec1e2ccb71269654816f362282ccbf9aef1c01c8a0" score = 75 quality = 75 @@ -100534,8 +101364,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0Bfc17Bd : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1762-L1780" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1762-L1780" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1cdd94f2a1cb2b93134646c171d947e325a498f7a13db021e88c05a4cbb68903" logic_hash = "ef83bc9ae3c881d09b691db42a1712b500a5bb8df34060a6786cfdc6caaf5530" score = 75 
@@ -100563,8 +101393,8 @@ rule ELASTIC_Linux_Trojan_Mirai_389Ee3E9 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1782-L1800" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1782-L1800" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f" logic_hash = "fedeae98d468a11c3eaa561b9d5433ec206bdd4caed5aed7926434730f7f866b" score = 75 @@ -100592,8 +101422,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Cc93863B : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1802-L1820" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1802-L1820" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f" logic_hash = "881998dee010270d7cefae5b59a888e541d4a2b93e3e52ae0abe0df41371c50d" score = 75 
@@ -100621,8 +101451,8 @@ rule ELASTIC_Linux_Trojan_Mirai_8Aa7B5D3 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1822-L1840" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1822-L1840" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f" logic_hash = "3c99b7b126184b75802c7198c81f4783af776920edc6e964dbe726d28d88f64d" score = 75 @@ -100650,8 +101480,8 @@ rule ELASTIC_Linux_Trojan_Mirai_76908C99 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1842-L1860" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1842-L1860" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "533a90959bfb337fd7532fb844501fd568f5f4a49998d5d479daf5dfbd01abb2" logic_hash = "bd8254e888b1ea93ca9aad92ea2c8ece1f2d03ae2949ca4c3743b6e339ee21e0" score = 75 
@@ -100679,8 +101509,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1538Ce1A : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1862-L1880" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1862-L1880" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2382996a8fd44111376253da227120649a1a94b5c61739e87a4e8acc1130e662" logic_hash = "cf2dd11da520640c6a64e05c4679072a714d8cf93d5f5aa3a1eca8eb3e9c8b3b" score = 75 @@ -100708,8 +101538,8 @@ rule ELASTIC_Linux_Trojan_Mirai_07B1F4F6 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1882-L1900" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1882-L1900" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2382996a8fd44111376253da227120649a1a94b5c61739e87a4e8acc1130e662" logic_hash = "4af1a20e29e0c9b62e1530031e49a3d7b37d4e9a547d89a270a2e59e0c7852cc" score = 75 
@@ -100737,8 +101567,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Feaa98Ff : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1902-L1920" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1902-L1920" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2382996a8fd44111376253da227120649a1a94b5c61739e87a4e8acc1130e662" logic_hash = "06be9d8bcfcb7e6b600103cf29fa8a94a457ff56e8c7018336c270978a57ccbf" score = 75 @@ -100766,8 +101596,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3Acd6Ed4 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1922-L1940" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1922-L1940" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2644447de8befa1b4fe39b2117d49754718a2f230d6d5f977166386aa88e7b84" logic_hash = "ab284d41af8e1920fa54ac8bfab84bac493adf816aebce60490ab22c0e502201" score = 75 
@@ -100795,8 +101625,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Eb940856 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mirai.yar#L1942-L1960" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mirai.yar#L1942-L1960" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "fbf814c04234fc95b6a288b62fb9513d6bbad2e601b96db14bb65ab153e65fef" logic_hash = "d7bb2373a35ea97a11513e80e9a561f53a8f0b9345f392e8e7f042d4cb2d7d20" score = 75 @@ -100824,8 +101654,8 @@ rule ELASTIC_Windows_Trojan_Donutloader_F40E3759 : FILE MEMORY date = "2021-09-15" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Donutloader.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Donutloader.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "541a4ca1da41f7cf54dff3fee917b219fadb60fd93a89b93b5efa3c1a57af81d" score = 75 quality = 75 
@@ -100853,8 +101683,8 @@ rule ELASTIC_Windows_Trojan_Donutloader_5C38878D : FILE MEMORY date = "2021-09-15" modified = "2021-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Donutloader.yar#L21-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Donutloader.yar#L21-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "897880d13318027ac5008fe8d008f09780d6fa807d6cc828b57975443358750c" score = 75 quality = 75 @@ -100881,8 +101711,8 @@ rule ELASTIC_Windows_Trojan_Donutloader_21E801E0 : FILE MEMORY date = "2024-01-21" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Donutloader.yar#L40-L58" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Donutloader.yar#L40-L58" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c3bda62725bb1047d203575bbe033f0f95d4dd6402c05f9d0c69d24bd3224ca6" logic_hash = "19ef7bc8c7117024ca72956376954254c36eeb673f9379aa00475f763084a169" score = 75 
@@ -100910,8 +101740,8 @@ rule ELASTIC_Windows_Ransomware_Blackmatter_B548D151 : FILE MEMORY date = "2021-08-03" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Blackmatter.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Blackmatter.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "072158f5588440e6c94cb419ae06a27cf584afe3b0cb09c28eff0b4662c15486" logic_hash = "cf76a311de9d292a2ea09b3937b8eb7fd761b7c33a464a31acf6b9a5bf121959" score = 75 @@ -100939,8 +101769,8 @@ rule ELASTIC_Windows_Ransomware_Blackmatter_8394F6D5 : FILE MEMORY date = "2021-08-03" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Blackmatter.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Blackmatter.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "072158f5588440e6c94cb419ae06a27cf584afe3b0cb09c28eff0b4662c15486" logic_hash = "50a9b65ca6dde4fc32d2d57e72042f4380dd6c263ec5c33ce7c158151b91a5ae" score = 75 
@@ -100968,8 +101798,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_9130C0F3 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Thiefquest.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Thiefquest.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "bed3561210e44c290cd410adadcdc58462816a03c15d20b5be45d227cd7dca6b" logic_hash = "20e9ea15a437a17c4ef68f2472186f6d1ab3118d5b392f84fcb2bd376ec3863a" score = 75 @@ -101000,8 +101830,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_Fc2E1271 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Thiefquest.yar#L24-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Thiefquest.yar#L24-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "12fb0eca3903a3b39ecc3c2aa6c04fe5faa1f43a3d271154d14731d1eb196923" logic_hash = "a20c76e53874fc0fec5fd2660c63c6f1e7c1b2055cbd2a9efdfd114cd6bdda5c" score = 75 
@@ -101029,8 +101859,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_86F9Ef0C : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Thiefquest.yar#L44-L62" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Thiefquest.yar#L44-L62" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "59fb018e338908eb69be72ab11837baebf8d96cdb289757f1f4977228e7640a0" logic_hash = "426d533d39e594123f742b15d0a93ded986b9b308685f7b2cfaf5de0b32cdbff" score = 75 @@ -101058,8 +101888,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_40F9C1C3 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Thiefquest.yar#L64-L82" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Thiefquest.yar#L64-L82" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e402063ca317867de71e8e3189de67988e2be28d5d773bbaf75618202e80f9f6" logic_hash = "546edc2d6d715eac47e7a8d3ceb91cf314fa6dbee04f0475a5c4a84ba53fd722" score = 75 
@@ -101087,8 +101917,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_0F9Fe37C : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Thiefquest.yar#L84-L102" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Thiefquest.yar#L84-L102" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "12fb0eca3903a3b39ecc3c2aa6c04fe5faa1f43a3d271154d14731d1eb196923" logic_hash = "84f9e8938d7e2b0210003fc8334b8fa781a40afffeda8d2341970b84ed5d3b5a" score = 75 @@ -101116,8 +101946,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_1F4Bac78 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Thiefquest.yar#L104-L122" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Thiefquest.yar#L104-L122" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "12fb0eca3903a3b39ecc3c2aa6c04fe5faa1f43a3d271154d14731d1eb196923" logic_hash = "96db33e135138846f978026867bb2536226539997d060f41e7081f7f29b66c85" score = 75 
@@ -101145,8 +101975,8 @@ rule ELASTIC_Windows_PUP_Veriato_Fae5978C : FILE MEMORY date = "2022-06-08" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_PUP_Veriato.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_PUP_Veriato.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "53f09e60b188e67cdbf28bda669728a1f83d47b0279debf3d0a8d5176479d17f" logic_hash = "8ae6f8b2b6e3849b33e6a477af52982efe137d7ebeff0c92cee5667d75f05145" score = 75 @@ -101176,8 +102006,8 @@ rule ELASTIC_Linux_Trojan_Sysrv_85097F24 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "17fbc8e10dea69b29093fcf2aa018be4d58fe5462c5a0363a0adde60f448fb26" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Sysrv.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Sysrv.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "96bee8b9b0e9c2afd684582301f9e110fd08fcabaea798bfb6259a4216f69be1" score = 75 quality = 75 
@@ -101204,8 +102034,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_D7Bd0E5D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "afcfd67af99e437f553029ccf97b91ed0ca891f9bcc01c148c2b38c75482d671" logic_hash = "1f87721fdfe58d029c0696bc99385a0052c771bc48b2c9ce01b72c3e42359654" score = 75 @@ -101233,8 +102063,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_69E1A763 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b04d9fabd1e8fc42d1fa8e90a3299a3c36e6f05d858dfbed9f5e90a84b68bcbb" logic_hash = "d0dac8e2c9571d9e622c8c1250a54a7671ad1b9b00dba584c3741b714c22d8e0" score = 75 
@@ -101262,8 +102092,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_397A86Bd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "79c47a80ecc6e0f5f87749319f6d5d6a3f0fbff7c34082d747155b9b20510cde" logic_hash = "6b46a82d1aea0357f5a48c9ae1d93e3d4d31bd98b9c9b4e0b0d0629e7f159499" score = 75 @@ -101291,8 +102121,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_37C3F8D3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "efbddf1020d0845b7a524da357893730981b9ee65a90e54976d7289d46d0ffd4" logic_hash = "e7bdd185ea4227b0960c3e677e7d8ac7488d53eaa77efd631be828b2ca079bb8" score = 75 
@@ -101320,8 +102150,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_28A80546 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "96cc225cf20240592e1dcc8a13a69f2f97637ed8bc89e30a78b8b2423991d850" logic_hash = "120e9f7cad0fc8aebd843374c0edca8cbb701882ab55a7f24aced1d80d8cd697" score = 75 @@ -101349,8 +102179,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_9D531F70 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "36f2ce4e34faf42741f0a15f62e8b3477d69193bf289818e22d0e3ee3e906eb0" logic_hash = "87d3cb7049975d52f2a6d6aa10e6b6d0d008d166ca5f9889ad1413a573d8b58e" score = 75 
@@ -101378,8 +102208,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_23A5C29A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1320d7a2b5e3b65fe974a95374b4ea7ed1a5aa27d76cd3d9517d3a271121103f" logic_hash = "c2608e7ee73102e0737a859a18c5482877c6dc0e597d8a14d8d41f5e01a0b1f4" score = 75 @@ -101407,8 +102237,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_Ea5703Ce : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "bec6eea63025e2afa5940d27ead403bfda3a7b95caac979079cabef88af5ee0b" logic_hash = "bbf0191ecff24fd24376fd3dec2e96644188ca4d26b4ca4f087e212bae2eab85" score = 75 
@@ -101436,8 +102266,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_6A4F4255 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L161-L179"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L161-L179"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "8cfc38db2b860efcce5da40ce1e3992f467ab0b7491639d68d530b79529cda80"
 logic_hash = "133290dc7423174bb3b41b152bab038d118b47baaca52705b66fd9be01692a03"
 score = 75
@@ -101465,8 +102295,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_9088D00B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L181-L199"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L181-L199"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "8abb2b058ec475b0b6fd0c994685db72e98d87ee3eec58e29cf5c324672df04a"
 logic_hash = "3ebc8cb6d647138e72194528dafc644c90222440855d657ec50109f11ff936da"
 score = 75
@@ -101494,8 +102324,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_71024C4A : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L201-L219"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L201-L219"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "afe81c84dcb693326ee207ccd8aeed6ed62603ad3c8d361e8d75035f6ce7c80f"
 logic_hash = "0c66a3388fe8546ae180e52d50ef05a28755d24e47b3b56f390d5c6fcb0b89eb"
 score = 75
@@ -101523,8 +102353,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_D81368A3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L221-L239"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L221-L239"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "71225e4702f2e0a0ecf79f7ec6c6a1efc95caf665fda93a646519f6f5744990b"
 logic_hash = "0e30c9ebd8f2d3a489180f114daf91a3655ce9075ae25ea3d6ef5be472d7721a"
 score = 75
@@ -101552,8 +102382,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_97E9Cebe : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L241-L259"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L241-L259"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b4ff62d92bd4d423379f26b37530776b3f4d927cc8a22bd9504ef6f457de4b7a"
 logic_hash = "8aad31db2646fb9971b9af886e30f6c5a62a9c7de86cb9dc9e1341ac3b7762eb"
 score = 75
@@ -101581,8 +102411,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_98Ff0F36 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L261-L279"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L261-L279"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "4c14aaf05149bb38bbff041432bf9574dd38e851038638aeb121b464a1e60dcc"
 logic_hash = "60f17855b08cfc51e497003cbb5ed25d9168fb29c57d8bfd7105b9b5e714e3a1"
 score = 75
@@ -101610,8 +102440,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_1512Cf40 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L281-L299"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L281-L299"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "fc063a0e763894e86cdfcd2b1c73d588ae6ecb411c97df2a7a802cd85ee3f46d"
 logic_hash = "0d43e6a4bd5036c2b6adb61f2d7b11e625c20e9a3d29242c7c34cfc7708561be"
 score = 75
@@ -101639,8 +102469,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_0D6005A1 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L301-L319"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L301-L319"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "230d46b39b036552e8ca6525a0d2f7faadbf4246cdb5e0ac9a8569584ef295d4"
 logic_hash = "c3fd32e7582f0900b94fe3ba6b6bcdf238f78e2e343d70d5b0196a968a41cf26"
 score = 75
@@ -101668,8 +102498,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E1Ff020A : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L321-L339"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L321-L339"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "5b611898f1605751a3d518173b5b3d4864b4bb4d1f8d9064cc90ad836dd61812"
 logic_hash = "be801989b9770f3b70217bd5f13795b5dd0b516209f631d900b6647e0afe8d98"
 score = 75
@@ -101697,8 +102527,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_102D6F7C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L341-L359"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L341-L359"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "bd40c2fbf775e3c8cb4de4a1c7c02bc4bcfa5b459855b2e5f1a8ab40f2fb1f9e"
 logic_hash = "52966eaaef5522e711dc89bd796b1e12019a8485ee789e8d5112d86f7e630170"
 score = 75
@@ -101726,8 +102556,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_9C8F3B1A : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L361-L379"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L361-L379"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "74d8344139c5deea854d8f82970e06fc6a51a6bf845e763de603bde7b8aa80ac"
 logic_hash = "f7ab9990b417c1c81903dcb7adaae910d20ea7fce6689d4846dd6002bea3e721"
 score = 75
@@ -101755,8 +102585,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_76Cb94A9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L381-L399"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L381-L399"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "1320d7a2b5e3b65fe974a95374b4ea7ed1a5aa27d76cd3d9517d3a271121103f"
 logic_hash = "758ee41048c94576e7a872bfdacc6b6f2be3d460169905c876585037e11fdaa8"
 score = 75
@@ -101784,8 +102614,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_616Afaa1 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L401-L419"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L401-L419"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "0901672d2688660baa26fdaac05082c9e199c06337871d2ae40f369f5d575f71"
 logic_hash = "53a309a6a274558e4ae8cfa8f3e258f23dc9ceafab3be46351c00d24f5d790ec"
 score = 75
@@ -101813,8 +102643,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_18Af74B2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L421-L439"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L421-L439"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "52707aa413c488693da32bf2705d4ac702af34faee3f605b207db55cdcc66318"
 logic_hash = "d8ec9bd01fcabdd4a80e07287ecc85026007672bbc3cd2d4cbb2aef98da88ed5"
 score = 75
@@ -101842,8 +102672,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_1B76C066 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L441-L459"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L441-L459"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "f60302de1a0e756e3af9da2547a28da5f57864191f448e341af1911d64e5bc8b"
 logic_hash = "be239bc14d1adf05a5c6bf2b2557551566330644a049b256a7a5c0ab9549bd06"
 score = 75
@@ -101871,8 +102701,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_B6Ea5Ee1 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L461-L479"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L461-L479"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "19b442c9aa229cd724ed9cbaa73f9dfaf0ed61aa3fd1bee7bf8ba964fc23a2b8"
 logic_hash = "529119e07aa0243afddc3141dc441c314c3f75bdf3aee473b8bb7749c95fa78a"
 score = 75
@@ -101900,8 +102730,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_050Ac14C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L481-L499"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L481-L499"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "36f2ce4e34faf42741f0a15f62e8b3477d69193bf289818e22d0e3ee3e906eb0"
 logic_hash = "c34b0ff3ce867a76ef57fad7642de7916fa7baebf1a2a8d514f7b74be7231fd4"
 score = 75
@@ -101929,8 +102759,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_Df937Caa : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L501-L519"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L501-L519"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "19b442c9aa229cd724ed9cbaa73f9dfaf0ed61aa3fd1bee7bf8ba964fc23a2b8"
 logic_hash = "d76a6008576687088f28674fb752e1a79ad2046e0208a65c21d0fcd284812ad8"
 score = 75
@@ -101958,8 +102788,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E9Ff82A8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L521-L539"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L521-L539"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "62ea137e42ce32680066693f02f57a0fb03483f78c365dffcebc1f992bb49c7a"
 logic_hash = "9309aaad6643fa212bb04ce8dc7d24978839fe475f17d36e3b692320563b6fad"
 score = 75
@@ -101987,8 +102817,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_A5267Ea3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L541-L559"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L541-L559"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "b342ceeef58b3eeb7a312038622bcce4d76fc112b9925379566b24f45390be7d"
 logic_hash = "081633b5aa0490dbffcc0b8ab9850b59dbbd67d947c0fe68d28338a352e94676"
 score = 75
@@ -102016,8 +102846,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_4E9075E6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L561-L579"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L561-L579"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "098bf2f1ce9d7f125e1c9618f349ae798a987316e95345c037a744964277f0fe"
 logic_hash = "fe117f65666b9eac19fa588ee631f9be7551a3a9e3695b7ecbb77806658678aa"
 score = 75
@@ -102045,8 +102875,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_3A8D0974 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "193fe9ea690759f8e155458ef8f8e9efe9efc8c22ec8073bbb760e4f96b5aef7"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L581-L599"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L581-L599"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 logic_hash = "7039d461d8339d635a543fae2c6dbea284ce1b727d6585b69d8d621c603f37ac"
 score = 75
 quality = 75
@@ -102073,8 +102903,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_B9E6Ffdf : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L601-L619"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L601-L619"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "c0f3200a93f1be4589eec562c4f688e379e687d09c03d1d8850cc4b5f90f192a"
 logic_hash = "57d5b3eb5812a849d04695bdb1fb728a5ebd3bf5201ac3e7f36d37af0622eec2"
 score = 75
@@ -102102,8 +102932,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_7Ef74003 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L621-L639"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L621-L639"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "a172cfecdec8ebd365603ae094a16e247846fdbb47ba7fd79564091b7e8942a0"
 logic_hash = "1bde07dbb88357fcc02171512725be94d9fc0427c03afb2d59fbd0658c5d8e2e"
 score = 75
@@ -102131,8 +102961,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_1D0700B8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L641-L659"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L641-L659"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "de59bee1793b88e7b48b6278a52e579770f5204e92042142cc3a9b2d683798dd"
 logic_hash = "a24264cb071d269c82718aed5bc5c6c955e1cb2c7a63fe74d4033bfa6adf8385"
 score = 75
@@ -102160,8 +102990,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_55Beb2Ee : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L661-L679"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L661-L679"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "edda1c6b3395e7f14dd201095c1e9303968d02c127ff9bf6c76af6b3d02e80ad"
 logic_hash = "8a31b4866100b35d559d50f5db6f80d51bced93f9aac3f0d2d1de71ba692a3c5"
 score = 75
@@ -102189,8 +103019,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_Fdd7340F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L681-L699"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L681-L699"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "de59bee1793b88e7b48b6278a52e579770f5204e92042142cc3a9b2d683798dd"
 logic_hash = "fd39ba5cf050d23de0889feefa9cd74dfb6385a09aa9dba90dc1d5d6cb020867"
 score = 75
@@ -102218,8 +103048,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_2627921E : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L701-L719"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L701-L719"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "350a8ceabd8495e66cc58885f1ab38f602c66c162c05e4b6ae0e2a7977ec2cdf"
 logic_hash = "edb2864719d62ab212bde1adf02dd17c8edc8ce4ae273b959e58a3eaf751fd7c"
 score = 75
@@ -102247,8 +103077,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E36A35B0 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L721-L739"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L721-L739"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "ab6d8f09df67a86fed4faabe4127cc65570dbb9ec56a1bdc484e72b72476f5a4"
 logic_hash = "0572f584746a2af6f545798b25445fd4e764a9eecc01b7476e5c1af631eb314a"
 score = 75
@@ -102276,8 +103106,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_6Dad0380 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L741-L759"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L741-L759"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "628b1cc8ccdbe2ae0d4ef621da047e07e2532d00fe3d4da65f0a0bcab20fb546"
 logic_hash = "b305448d5517212adb7586e7af12842095e1a263520511329e40f0865fe4f81b"
 score = 75
@@ -102305,8 +103135,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E73F501E : FILE MEMORY
 date = "2021-12-13"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L761-L779"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L761-L779"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "2f646ced4d05ba1807f8e08a46ae92ae3eea7199e4a58daf27f9bd0f63108266"
 logic_hash = "2f6187f3447f9409485e9e8aa047114aa3c38bcc338106c3ed8680152dff121a"
 score = 75
@@ -102334,8 +103164,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_5E56D076 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L781-L799"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L781-L799"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "32e1cb0369803f817a0c61f25ca410774b4f37882cab966133b4f3e9c74fac09"
 logic_hash = "c8e2ebcffe8a169c2cc311c95538b674937fa87e06d2946a6ed3b0c1f039f7fc"
 score = 75
@@ -102363,8 +103193,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_54357231 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L801-L819"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L801-L819"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "388b927b850b388e0a46a6c9a22b733d469e0f93dc053ebd78996e903b25e38a"
 logic_hash = "a895c9fd124d6bd55748093c3ef54606e5692285260aa21bd70dca02126239d2"
 score = 75
@@ -102392,8 +103222,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_467C4D46 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L821-L839"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L821-L839"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "388b927b850b388e0a46a6c9a22b733d469e0f93dc053ebd78996e903b25e38a"
 logic_hash = "b28f871365c1fa6315b1c2fc6698bdd224961972cd578db05c311406c239ac22"
 score = 75
@@ -102421,8 +103251,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E0Cca9Dc : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L841-L859"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L841-L859"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "59a1d8aa677739f2edbb8bd34f566b31f19d729b0a115fef2eac8ab1d1acc383"
 logic_hash = "fa4089f74fc78e99427b4e8eda9f8348e042dc876c7281a4a2173c83076bfbd2"
 score = 75
@@ -102450,8 +103280,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_36E404E2 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Cryptominer_Generic.yar#L861-L879"
- license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Cryptominer_Generic.yar#L861-L879"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
 hash = "59a1d8aa677739f2edbb8bd34f566b31f19d729b0a115fef2eac8ab1d1acc383"
 logic_hash = "d38cc5714721c0b00cfa47cb9828fd76ff57ec8180e5cfe1fec67a092dd87904"
 score = 75
@@ -102479,8 +103309,8 @@ rule ELASTIC_Windows_Trojan_Grandoreiro_51236Ba2 : FILE MEMORY date = "2022-08-23" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Grandoreiro.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Grandoreiro.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1bdf381e7080d9bed3f52f4b3db1991a80d3e58120a5790c3d1609617d1f439e" logic_hash = "9a8549a1dd82f56458ea8aee5c30243ac073d15c820de28d78a58d2c067b10d6" score = 75 @@ -102512,8 +103342,8 @@ rule ELASTIC_Linux_Trojan_Mech_D30Ec0A0 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Mech.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Mech.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "710d1a0a8c7eecc6d793933c8a97cec66d284b3687efee7655a2dc31d15c0593" logic_hash = "268aeb25d6468412d8123bab5eb2c8bd7704828d0ef3c3d771aa036e374127d7" score = 75 
@@ -102532,6 +103362,40 @@ rule ELASTIC_Linux_Trojan_Mech_D30Ec0A0 : FILE MEMORY condition: all of them } +rule ELASTIC_Windows_Ransomware_Akira_C8C298Ba : FILE MEMORY +{ + meta: + description = "Detects Windows Ransomware Akira (Windows.Ransomware.Akira)" + author = "Elastic Security" + id = "c8c298ba-2760-4880-a54a-3d916049d0ab" + date = "2024-05-02" + modified = "2024-05-08" + reference = "https://github.com/elastic/protections-artifacts/" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Akira.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" + hash = "a2df5477cf924bd41241a3326060cc2f913aff2379858b148ddec455e4da67bc" + logic_hash = "9058c83693e93f6daee8894453e56e0d9a4867d551ec3a6b66d7a517f65d8b07" + score = 75 + quality = 75 + tags = "FILE, MEMORY" + fingerprint = "81c6dfa172ce7f4254e3cc74fcb71786336d39438d6e9379f7611495f54227c9" + severity = 100 + arch_context = "x86" + scan_context = "file, memory" + license = "Elastic License v2" + os = "windows" + + strings: + $a1 = "akira_readme.txt" ascii fullword + $a2 = "Number of threads to encrypt = " ascii fullword + $a3 = "write_encrypt_info error:" ascii fullword + $a4 = "Log-%d-%m-%Y-%H-%M-%S" ascii fullword + $a5 = "--encryption_path" wide fullword + $a6 = "--encryption_percent" wide fullword + + condition: + 3 of them +} rule ELASTIC_Windows_Wiper_Caddywiper_484Bd98A : FILE MEMORY { meta: 
@@ -102541,8 +103405,8 @@ rule ELASTIC_Windows_Wiper_Caddywiper_484Bd98A : FILE MEMORY date = "2022-03-14" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Wiper_CaddyWiper.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Wiper_CaddyWiper.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a294620543334a721a2ae8eaaf9680a0786f4b9a216d75b55cfd28f39e9430ea" logic_hash = "f473673afc211b02328f4e9d88e709acd95bf4b1fa565f5aca972b92324bf589" score = 75 @@ -102573,8 +103437,8 @@ rule ELASTIC_Windows_Trojan_Dcrat_1Aeea1Ac : FILE MEMORY date = "2022-01-15" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_DCRat.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_DCRat.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "6163e04a40ed52d5e94662131511c3ae08d473719c364e0f7de60dff7fa92cf7" score = 75 quality = 75 
@@ -102607,8 +103471,8 @@ rule ELASTIC_Multi_EICAR_Ac8F42D6 : FILE MEMORY date = "2021-01-21" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Multi_EICAR.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Multi_EICAR.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "05c92058aab1229dfa31e006276c2c83fa484e813bdfe66edf387763797d9d57" score = 75 quality = 25 @@ -102635,8 +103499,8 @@ rule ELASTIC_Linux_Proxy_Frp_4213778F : FILE MEMORY date = "2021-10-20" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Proxy_Frp.yar#L1-L28" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Proxy_Frp.yar#L1-L28" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "16294086be1cc853f75e864a405f31e2da621cb9d6a59f2a71a2fca4e268b6c2" logic_hash = "83eeb632026c38ac08357c27d971da31fbc9a0500ecf489e8332ac5862a77b85" score = 75 
@@ -102673,8 +103537,8 @@ rule ELASTIC_Windows_Trojan_Bitrat_34Bd6C83 : FILE MEMORY date = "2021-06-13" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Bitrat.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Bitrat.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "37f70ae0e4e671c739d402c00f708761e98b155a1eefbedff1236637c4b7690a" logic_hash = "d386fc2a4b6a98638328d1aa05a8d8dbb7a1bbcd72943457b1a5a27b056744ef" score = 75 @@ -102706,8 +103570,8 @@ rule ELASTIC_Windows_Trojan_Bitrat_54916275 : FILE MEMORY date = "2022-08-29" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Bitrat.yar#L25-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Bitrat.yar#L25-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "d3b2c410b431c006c59f14b33e95c0e44e6221b1118340c745911712296f659f" logic_hash = "4c66f79f4bf6bde49bfb9208e6dc1d3b5d041927565e7302381838b0f32da6f4" score = 75 
@@ -102726,6 +103590,43 @@ rule ELASTIC_Windows_Trojan_Bitrat_54916275 : FILE MEMORY condition: all of them } +rule ELASTIC_Windows_Hacktool_Certify_Ffe1Cca2 : FILE MEMORY +{ + meta: + description = "Detects Windows Hacktool Certify (Windows.Hacktool.Certify)" + author = "Elastic Security" + id = "ffe1cca2-106c-4197-9d26-eb90331435d9" + date = "2024-03-27" + modified = "2024-05-08" + reference = "https://github.com/elastic/protections-artifacts/" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_Certify.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" + hash = "3c7f759a6c38d0c0780fba2d43be6dcf9e4869d54b66f16c0703ec8e58124953" + logic_hash = "e1d37ad683bfbe34433dc5e13ae2cf7c873fed640e1c58a3b0274b4b34900e53" + score = 75 + quality = 71 + tags = "FILE, MEMORY" + fingerprint = "69f5648f1a9621fe33e63c150d184cb89ceef472885a928aa501a08d8069234d" + severity = 100 + arch_context = "x86" + scan_context = "file, memory" + license = "Elastic License v2" + os = "windows" + + strings: + $a1 = "b_" + $a2 = "b_" + $a3 = "b_" + $a4 = "b_" + $a5 = "b_" + $b1 = "64524ca5-e4d0-41b3-acc3-3bdbefd40c97" ascii wide nocase + $b2 = "64524CA5-E4D0-41B3-ACC3-3BDBEFD40C97" ascii wide nocase + $b3 = "Certify.exe find /vulnerable" wide + $b4 = "Certify.exe request /ca" wide + + condition: + all of ($a*) or any of ($b*) +} rule ELASTIC_Linux_Trojan_Bedevil_A1A72C39 : FILE MEMORY { meta: 
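Review bot: In the added rule `ELASTIC_Windows_Hacktool_Certify_Ffe1Cca2`, `$a1` through `$a5` all appear as the same two-byte string `"b_"` with no modifiers. As shown, `all of ($a*)` reduces to a single match on `b_`, which a large share of files and memory regions would satisfy, and the rule carries `severity = 100`. This is probably a rendering artefact (text in angle brackets looks to have been dropped) rather than what the vendored file holds, but the hunk alone cannot confirm that. Before deploying this bundle, compare the five strings with the rule at the `source_url` in its meta block and run the compiled set over a known-clean corpus. If the file really contains `"b_"` five times, keep this rule out of the scan set until upstream corrects it.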
@@ -102735,8 +103636,8 @@ rule ELASTIC_Linux_Trojan_Bedevil_A1A72C39 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Bedevil.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Bedevil.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "017a9d7290cf327444d23227518ab612111ca148da7225e64a9f6ebd253449ab" logic_hash = "227adcc340c38cebf56ea2f39b483c965dd46827d83afe5f866ca844c932da76" score = 75 @@ -102764,8 +103665,8 @@ rule ELASTIC_Windows_Ransomware_Darkside_D7Fc4594 : FILE MEMORY date = "2021-05-20" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Darkside.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Darkside.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "bfb31c96f9e6285f5bb60433f2e45898b8a7183a2591157dc1d766be16c29893" logic_hash = "0083fb64955973e7dbbb35d08cb780fa0b4ff4d064c102dc8f86e29af8358bad" score = 75 
@@ -102793,8 +103694,8 @@ rule ELASTIC_Windows_Ransomware_Darkside_Aceac5D9 : FILE MEMORY date = "2021-05-20" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Ransomware_Darkside.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Ransomware_Darkside.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "bfb31c96f9e6285f5bb60433f2e45898b8a7183a2591157dc1d766be16c29893" logic_hash = "888ab06b55b07879ee6b9a45c04f1a09c570aeb4be55c698300566d57fd47252" score = 75 @@ -102822,8 +103723,8 @@ rule ELASTIC_Linux_Exploit_Cornelgen_584A227A : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Cornelgen.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Cornelgen.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "c823cb669f1d6cb9258d6f0b187609c226af23396f9c5be26eb479e5722a9d97" logic_hash = "db3b6bbab48074449ae8b404f8fa77d93cde1ab8e57bd4ad981ac2afb8226494" score = 75 
@@ -102851,8 +103752,8 @@ rule ELASTIC_Linux_Exploit_Cornelgen_Be0Bc02D : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Cornelgen.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Cornelgen.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "24c0ba8ad4f543f9b0aff0d0b66537137bc78606b47ced9b6d08039bbae78d80" logic_hash = "67c4f2d875f233b52fcbc24d9225c51af4dc09c27ce3915f0d756202bd4e5867" score = 75 @@ -102880,8 +103781,8 @@ rule ELASTIC_Linux_Exploit_Cornelgen_03Ee53D3 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Cornelgen.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Cornelgen.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "711eafd09d4e5433be142d54db153993ee55b6c53779d8ec7e76ca534b4f81a5" logic_hash = "e7d9c66621ad3c56f3bb8150c17b10495053d9485b2143750aeefd3c55ab7943" score = 75 
@@ -102909,8 +103810,8 @@ rule ELASTIC_Windows_Hacktool_Sharpchromium_41Ce5080 : FILE MEMORY date = "2022-11-20" modified = "2023-01-11" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Hacktool_SharpChromium.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Hacktool_SharpChromium.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9dd65aa53728d51f0f3b9aaf51a24f8a2c3f84b4a4024245575975cf9ad7f2e5" logic_hash = "50972a6e6af1d7076243320fb6559193e0c46ac1300aa62d12390fdeb2fffdcd" score = 75 @@ -102942,8 +103843,8 @@ rule ELASTIC_Multi_Hacktool_Nps_C6Eb4A27 : FILE MEMORY date = "2024-01-24" modified = "2024-01-29" reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Multi_Hacktool_Nps.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Multi_Hacktool_Nps.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "4714e8ad9c625070ca0a151ffc98d87d8e5da7c8ef42037ca5f43baede6cfac1" logic_hash = "53baf04f4ab8967761c6badb24f6632cc1bf4a448abf0049318b96855f30feea" score = 75 
@@ -102976,8 +103877,8 @@ rule ELASTIC_Multi_Hacktool_Nps_F76F257D : FILE MEMORY date = "2024-01-24" modified = "2024-01-29" reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Multi_Hacktool_Nps.yar#L27-L50" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Multi_Hacktool_Nps.yar#L27-L50" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "80721b20a8667536a33fca50236f5c8e0c0d07aa7805b980e40818ab92cd9f4a" logic_hash = "0bbd7f86bfd2967dc390510c2e403d05e1b56551b965ea716b9e5330f75c9bd5" score = 75 @@ -103009,8 +103910,8 @@ rule ELASTIC_Macos_Trojan_Electrorat_B4Dbfd1D : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/MacOS_Trojan_Electrorat.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/MacOS_Trojan_Electrorat.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b1028b38fcce0d54f2013c89a9c0605ccb316c36c27faf3a35adf435837025a4" logic_hash = "a36143a8c93cb187dba0a88a15550219c19f1483502f782dfefc1e53829cfbf1" score = 75 
@@ -103041,8 +103942,8 @@ rule ELASTIC_Linux_Ransomware_Sfile_9E347B52 : FILE MEMORY date = "2023-07-29" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_SFile.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_SFile.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "49473adedc4ee9b1252f120ad8a69e165dc62eabfa794370408ae055ec65db9d" logic_hash = "394571fd5746132d15da97428c3afc149435d91d5432eadf1c838d4a6433c7c1" score = 75 @@ -103071,8 +103972,8 @@ rule ELASTIC_Windows_Trojan_Phoreal_66E91De3 : FILE MEMORY date = "2022-02-16" modified = "2022-04-12" reference = "https://www.elastic.co/security-labs/phoreal-malware-targets-the-southeast-asian-financial-sector" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Phoreal.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Phoreal.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "88f073552b30462a00d1d612b1638b0508e4ef02c15cf46203998091f0aef4de" logic_hash = "c68131fd5e0272d3d473db387a186056a38e6611925ae448d5b668022e6e163a" score = 75 
@@ -103103,8 +104004,8 @@ rule ELASTIC_Linux_Trojan_Rbot_C69475E3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Rbot.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Rbot.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9d97c69b65d2900c39ca012fe0486e6a6abceebb890cbb6d2e091bb90f6b9690" logic_hash = "2a8629ebf6e2082ce90f1b2130ae596e4e515f3289a25899f2fc57b99c01a654" score = 75 @@ -103132,8 +104033,8 @@ rule ELASTIC_Linux_Trojan_Rbot_96625C8C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Rbot.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Rbot.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "a052cfad3034d851c6fad62cc8f9c65bceedc73f3e6a37c9befe52720fd0890e" logic_hash = "5a9671e10e7b9b58ecf9fab231de18b4b6039c9d351b145fae1705297acda95e" score = 75 
@@ -103161,8 +104062,8 @@ rule ELASTIC_Linux_Trojan_Rbot_366F1599 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Rbot.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Rbot.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5553d154a0e02e7f97415299eeae78e5bb0ecfbf5454e3933d6fd9675d78b3eb" logic_hash = "3efe0f35efd855b415149513e8abb2210a26ef6f3b6c31275c8147fabb634fab" score = 75 @@ -103190,8 +104091,8 @@ rule ELASTIC_Windows_Trojan_Squirrelwaffle_88033Ff1 : FILE MEMORY date = "2021-09-20" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Squirrelwaffle.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Squirrelwaffle.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "00d045c89934c776a70318a36655dcdd77e1fedae0d33c98e301723f323f234c" logic_hash = "695d7d411a4de23ba1517a06bda3ce73add37dca1e6fe9046e7c2dcae237389e" score = 75 
@@ -103222,8 +104123,8 @@ rule ELASTIC_Windows_Trojan_Squirrelwaffle_D3B685A1 : FILE MEMORY date = "2021-09-21" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Squirrelwaffle.yar#L24-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Squirrelwaffle.yar#L24-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "00d045c89934c776a70318a36655dcdd77e1fedae0d33c98e301723f323f234c" logic_hash = "7d187aa75fc767f5009f3090852de4894776f4b3f99f189478e7e9fd9c3acbe7" score = 75 @@ -103251,8 +104152,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_8Bd3002C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ngioweb.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ngioweb.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5480bc02aeebd3062e6d19e50a5540536ce140d950327cce937ff7e71ebd15e2" logic_hash = "578fd1c3e6091df9550b3c2caf999d7a0432f037b0cc4b15642531e7fdffd7b7" score = 75 
@@ -103280,8 +104181,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_A592A280 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ngioweb.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ngioweb.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5480bc02aeebd3062e6d19e50a5540536ce140d950327cce937ff7e71ebd15e2" logic_hash = "b16cf5b527782680cc1da6f61dd537596792fed615993b19965ef2dbde701e64" score = 75 @@ -103309,8 +104210,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_D57Aa841 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ngioweb.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ngioweb.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "555d60bd863caff231700c5f606d0034d5aa8362862d1fd0c816615d59f582f7" logic_hash = "b0db72ad81d27f5b2ac2d2bb903ff10849c304d40619fd95a39e7d48c64c45ba" score = 75 
@@ -103338,8 +104239,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_B97E0253 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ngioweb.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ngioweb.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "5480bc02aeebd3062e6d19e50a5540536ce140d950327cce937ff7e71ebd15e2" logic_hash = "dc11d50166a4d1b400c0df81295054192d42822dd3e065e374a92a31727d4dbd" score = 75 @@ -103367,8 +104268,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_66C465A0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ngioweb.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ngioweb.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "7454ee074812d7fa49044de8190e17b5034b3f08625f547d1b04aae4054fd81a" logic_hash = "71f224e3ee1ff29787258a61f29a37a9ddc51e9cb5df0693ea52fd4b6f0b5ad8" score = 75 
@@ -103396,8 +104297,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_D8573802 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ngioweb.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ngioweb.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "7454ee074812d7fa49044de8190e17b5034b3f08625f547d1b04aae4054fd81a" logic_hash = "b51ab7a7c26e889a4e8efc2b9883f709c17d82032b0c28ab3e30229d6f296367" score = 75 @@ -103425,8 +104326,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_7926Bc8E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ngioweb.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ngioweb.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "555d60bd863caff231700c5f606d0034d5aa8362862d1fd0c816615d59f582f7" logic_hash = "ac42dd714696825d64402861e96122cce7cd09ae8d9c43a19dd9cf95d7b09610" score = 75 
@@ -103454,8 +104355,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_E2377400 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ngioweb.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ngioweb.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b88daf00a0e890b6750e691856b0fe7428d90d417d9503f62a917053e340228b" logic_hash = "71276698d1bdb9bc494fe6f1aa9755940583331836abc490e0b5ac3454d35de6" score = 75 @@ -103483,8 +104384,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_994F1E97 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ngioweb.yar#L161-L178" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ngioweb.yar#L161-L178" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "2384e787877b622445d7d14053a8340d2e97d3ab103a3fabfa08a40068726ad0" score = 75 quality = 75 
@@ -103511,8 +104412,8 @@ rule ELASTIC_Linux_Rootkit_Arkd_Bbd56917 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Rootkit_Arkd.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Rootkit_Arkd.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e0765f0e90839b551778214c2f9ae567dd44838516a3df2c73396a488227a600" logic_hash = "5e1ce9c37d92222e21b43f9e5f3275a70c6e8eb541c3762f9382c5d5c72fb50d" score = 75 @@ -103540,8 +104441,8 @@ rule ELASTIC_Windows_Trojan_Blackshades_9D095C44 : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_BlackShades.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_BlackShades.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e58e352edaa8ae7f95ab840c53fcaf7f14eb640df9223475304788533713c722" logic_hash = "2a2e6325d3de9289cc8bc26e1fe89a8fa81d9aae50b92ba2cf21c4cc6556ac9e" score = 75 
@@ -103576,8 +104477,8 @@ rule ELASTIC_Windows_Trojan_Blackshades_Be382Dac : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_BlackShades.yar#L28-L46" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_BlackShades.yar#L28-L46" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "e58e352edaa8ae7f95ab840c53fcaf7f14eb640df9223475304788533713c722" logic_hash = "a13e37e7930d2d1ed1aa4fdeb282f11bfeb7fe008625589e2bfeab0beea43580" score = 75 @@ -103605,8 +104506,8 @@ rule ELASTIC_Linux_Trojan_Winnti_61215D98 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Winnti.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Winnti.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "cc1455e3a479602581c1c7dc86a0e02605a3c14916b86817960397d5a2f41c31" logic_hash = "051cc157f189094d25d45e66e410bdfd61ed7649a4c935d076cec1597c5debf5" score = 75 
@@ -103634,8 +104535,8 @@ rule ELASTIC_Linux_Trojan_Winnti_4C5A1865 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "0d963a713093fc8e5928141f5747640c9b43f3aadc8a5478c949f7ec364b28ad" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Winnti.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Winnti.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "69f6dcba59ec8cd7f4dfe853495a35601e35d74476fad9e18bef7685a68ece51" score = 75 quality = 75 @@ -103662,8 +104563,8 @@ rule ELASTIC_Linux_Trojan_Winnti_6F4Ca425 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "161af780209aa24845863f7a8120aa982aa811f16ec04bcd797ed165955a09c1" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Winnti.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Winnti.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "a1ffc0e3d27c4bb9fd10f14d45b649b4f059c654b31449013ac06d0981ed25ed" score = 75 quality = 75 
@@ -103690,8 +104591,8 @@ rule ELASTIC_Linux_Trojan_Winnti_De4B0F6E : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "a6b9b3ea19eaddd4d90e58c372c10bbe37dbfced638d167182be2c940e615710" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Winnti.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Winnti.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "fb7b0ff4757dfc1ba2ca8585d5ddf14aae03063e10bdc2565443362c6ba37c30" score = 75 quality = 75 @@ -103718,8 +104619,8 @@ rule ELASTIC_Linux_Trojan_Truncpx_894D60F8 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Truncpx.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Truncpx.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "2f09f2884fd5d3f5193bfc392656005bce6b935c12b3049ac8eb96862e4645ba" logic_hash = "9bc0a7fbddac532b53c72681f349bca0370b1fe6fb2d16f539560085b3ec4be3" score = 75 
@@ -103747,8 +104648,8 @@ rule ELASTIC_Linux_Ransomware_Hellokitty_35731270 : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Ransomware_Hellokitty.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Ransomware_Hellokitty.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "556e5cb5e4e77678110961c8d9260a726a363e00bf8d278e5302cb4bfccc3eed" logic_hash = "40cb632d6b8561de56f2010a082a24b0c50d4cabed21e073168b5302ddff7044" score = 75 @@ -103778,8 +104679,8 @@ rule ELASTIC_Windows_Vulndriver_Procid_86605Fa9 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_VulnDriver_ProcId.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_VulnDriver_ProcId.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "b03f26009de2e8eabfcf6152f49b02a55c5e5d0f73e01d48f5a745f93ce93a29" logic_hash = "882cdbd267d812e77e68e7080f1fca0ca3d7e75ab84c583c3ec148894b1cf644" score = 75 
@@ -103807,8 +104708,8 @@ rule ELASTIC_Linux_Exploit_Courier_190258Dd : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Exploit_Courier.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Exploit_Courier.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "349866d0fb81d07a35b53eac6f11176721629bbd692526851e483eaa83d690c3" logic_hash = "c318d78a11a021334c84a21db2be6d7df57440a1f3ad6feaaff9cc95ebf6f716" score = 75 
@@ -103827,6 +104728,39 @@ rule ELASTIC_Linux_Exploit_Courier_190258Dd : FILE MEMORY
 condition:
 all of them
 }
+rule ELASTIC_Windows_Infostealer_Strela_0Dc3E4A1 : MEMORY
+{
+ meta:
+ description = "Detects Windows Infostealer Strela (Windows.Infostealer.Strela)"
+ author = "Elastic Security"
+ id = "0dc3e4a1-13ac-4461-aac9-896f9e30d84b"
+ date = "2024-03-25"
+ modified = "2024-05-08"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Infostealer_Strela.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
+ hash = "e6991b12e86629b38e178fef129dfda1d454391ffbb236703f8c026d6d55b9a1"
+ logic_hash = "3e4756f817970a5373183b4d0f893edf0b08fe146c79ed83f86d191199c25095"
+ score = 75
+ quality = 75
+ tags = "MEMORY"
+ fingerprint = "517b11ee532ecc6beba5a705618e4a25869abb33fd4ba58e1f956fad95e20ac3"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $s1 = "strela" fullword
+ $s2 = "/server.php" fullword
+ $s3 = "%s%s\\key4.db" fullword
+ $s4 = "%s%s\\logins.json" fullword
+ $old_pdb = "Projects\\StrelaDLLCompile\\Release\\StrelaDLLCompile.pdb" fullword
+
+ condition:
+ all of ($s*) or $old_pdb
+}
 rule ELASTIC_Windows_Trojan_Darkcomet_1Df27Bcc : FILE MEMORY
 {
 meta:
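Review bot: The added Strela rule is the only one in the visible hunks declared `: MEMORY` alone (`tags = "MEMORY"`, `scan_context = "memory"`), so it is written for process-memory scans and should not be counted on for on-disk coverage. Its `$s1`–`$s4` strings are plain literals that presumably only appear once the payload is unpacked, and any loader that filters this bundle by the `FILE` tag will skip the rule. Because the file is vendored, I would not edit the rule here; I would record this where the bundle is loaded, with a comment such as `// Strela_0Dc3E4A1 is MEMORY-only: needs a memory scan target and is dropped by FILE-tag filtering`. `$old_pdb` also satisfies the condition on its own, which looks acceptable for a PDB path this specific.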
@@ -103836,8 +104770,8 @@ rule ELASTIC_Windows_Trojan_Darkcomet_1Df27Bcc : FILE MEMORY date = "2021-08-16" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Darkcomet.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Darkcomet.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "7fbe87545eef49da0df850719536bb30b196f7ad2d5a34ee795c01381ffda569" logic_hash = "5886e3316839e64f934a0e84d85074e076f3e1e44f86fee35a87eb560bfa2aa7" score = 75 @@ -103869,8 +104803,8 @@ rule ELASTIC_Linux_Trojan_Rooter_C8D08D3A : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Rooter.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Rooter.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "f55e3aa4d875d8322cdd7caa17aa56e620473fe73c9b5ae0e18da5fbc602a6ba" logic_hash = "c91f3112cc61acec08ab3cd59bab2ae833ba0d8ac565ffb26a46982f38af0e71" score = 75 
@@ -103898,8 +104832,8 @@ rule ELASTIC_Linux_Trojan_Ladvix_Db41F9D2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ladvix.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ladvix.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "81642b4ff1b6488098f019c5e992fc942916bc6eb593006cf91e878ac41509d6" score = 75 quality = 75 @@ -103926,8 +104860,8 @@ rule ELASTIC_Linux_Trojan_Ladvix_77D184Fd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ladvix.yar#L20-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ladvix.yar#L20-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1bb44b567b3c82f7ee0e08b16f7326d1af57efe77d608a96b2df43aab5faa9f7" logic_hash = "0ae9c41d3eb7964344f71b9708278a0e83776228e4455cf0ad7c08e288305203" score = 75 
@@ -103955,8 +104889,8 @@ rule ELASTIC_Linux_Trojan_Ladvix_C9888Edb : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ladvix.yar#L40-L58" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ladvix.yar#L40-L58" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "1d798e9f15645de89d73e2c9d142189d2eaf81f94ecf247876b0b865be081dca" logic_hash = "608f2340b0ee4b843933d8137aa0908583a6de477e6c472fb4bd2e5bb62dfb80" score = 75 @@ -103984,8 +104918,8 @@ rule ELASTIC_Linux_Trojan_Ladvix_81Fccd74 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "2a183f613fca5ec30dfd82c9abf72ab88a2c57d2dd6f6483375913f81aa1c5af" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Linux_Trojan_Ladvix.yar#L60-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Linux_Trojan_Ladvix.yar#L60-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" logic_hash = "18f7ca953d22f02c1dbf03595a19b66ea582d2c1623f0042dcf15f86556ca41e" score = 75 quality = 75 
@@ -104012,8 +104946,8 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_21B60705 : FILE MEMORY date = "2023-03-19" modified = "2023-04-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Rhadamanthys.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Rhadamanthys.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "3ba97c51ba503fa4bdcfd5580c75436bc88794b4ae883afa1d92bb0b2a0f5efe" logic_hash = "ef3f60689d72553111b42b27e0a1a0316288ae07fbfaf159eea8c76380d528fa" score = 75 @@ -104047,8 +104981,8 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_1Da1C2C2 : FILE MEMORY date = "2023-03-28" modified = "2023-04-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Rhadamanthys.yar#L27-L52" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Rhadamanthys.yar#L27-L52" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "9bfc4fed7afc79a167cac173bf3602f9d1f90595d4e41dab68ff54973f2cedc1" logic_hash = "bf5d45fe79dacfc6aee5cfd788ec6ce77e99e55d5a6d294da57c126bedf75ee9" score = 75 
@@ -104083,8 +105017,8 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_Ae00F48C : FILE MEMORY date = "2023-05-05" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/yara/rules/Windows_Trojan_Rhadamanthys.yar#L54-L74" - license_url = "https://github.com/elastic/protections-artifacts//blob/f98777756fcfbe5ab05a296388044a2dbb962557/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Rhadamanthys.yar#L54-L74" + license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt" hash = "56b5ff5132ec1c5836223ced287d51a9ecee8d2b081f449245e136b1262a8714" logic_hash = "423b68717a7aead3c871e7fc744e35dad1cfd7727bfba2bdaec69fb782540380" score = 75 
@@ -104105,11 +105039,43 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_Ae00F48C : FILE MEMORY
 condition:
 all of them
 }
+rule ELASTIC_Windows_Trojan_Rhadamanthys_Cf5Dd2E2 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Trojan Rhadamanthys (Windows.Trojan.Rhadamanthys)"
+ author = "Elastic Security"
+ id = "cf5dd2e2-a505-4927-8653-3c9addd3ac90"
+ date = "2024-04-03"
+ modified = "2024-05-08"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/yara/rules/Windows_Trojan_Rhadamanthys.yar#L76-L97"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/3bbef930abab9814b2fdb4704be075ab1daf2ea0/LICENSE.txt"
+ hash = "39ccc224c2c6d89d0bce3d9e2c677465cbc7524f2d2aa903f79ad26b340dec3d"
+ logic_hash = "039d6de0d072be6717ba3eb90735d7b4898d3bbac83db4feb75efcdbca8fd98b"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "3b2bdfd45a11649deb3430044c7b707aebcf74a3745398e3db09a7465fa62a6c"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 33 D2 49 8B C4 49 83 C4 57 48 F7 F7 41 8A C2 46 0F B6 04 1A 33 D2 42 8D 4C 05 00 C1 E9 03 F6 E9 8A C8 49 8B C0 41 C0 E8 05 }
+ $a2 = { 8A 04 19 32 03 88 04 1A 48 83 C3 01 48 83 EF 01 }
+ $a3 = { 4C 01 27 48 8B 0F 48 8B 47 10 C6 04 01 00 48 83 07 01 48 8B 0F 48 8B 47 10 }
+ $a4 = { 69 F6 93 01 00 01 0F B6 C0 48 83 C1 01 33 F0 8A 01 84 C0 }
+
+ condition:
+ 2 of them
+}
 /*
 * YARA Rule Set
 * Repository Name: R3c0nst
 * Repository: https://github.com/fboldewin/YARA-rules/
- * Retrieval Date: 2024-05-05
+ * Retrieval Date: 2024-05-12
 * Git Commit: 54e9e6899b258b72074b2b4db6909257683240c2
 * Number of Rules: 26
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
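Review bot: In the added `Rhadamanthys_Cf5Dd2E2` rule, `2 of them` can be met by `$a2` and `$a4` alone, and neither pattern looks family-specific: `$a2` is a 16-byte byte-wise XOR copy loop, and `$a4` multiplies by `0x01000193` (bytes `93 01 00 01`), the 32-bit FNV prime, which points to an FNV-style string hash. With `score = 75`, `severity = 100` and no file-type or size guard, that pair may fire on unrelated 64-bit code that happens to compile to the same sequences. Since this file is vendored, I would raise it upstream rather than patch it here, suggesting the condition require one of the longer patterns, e.g. `2 of them and 1 of ($a1, $a3)`. I would also run the rule against a goodware set before wiring matches to blocking actions.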
@@ -104876,9 +105842,9 @@ rule R3C0NST_ATM_Malware_Loup : FILE * YARA Rule Set * Repository Name: CAPE * Repository: https://github.com/kevoreilly/CAPEv2 - * Retrieval Date: 2024-05-05 - * Git Commit: 3cff06445d2f56ba1cea2846e79a7df06ac39c46 - * Number of Rules: 91 + * Retrieval Date: 2024-05-12 + * Git Commit: fa94c917659a24a412ae793a54e2be48e5f15ec7 + * Number of Rules: 92 * Skipped: 0 (age), 10 (quality), 0 (score), 0 (importance) * * @@ -105559,8 +106525,8 @@ rule CAPE_Azorult : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Azorult.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Azorult.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "4691cf48d513d1965416b0cce1b6e19c8f7b393a940afd68b7c6ca8c0d125d90" score = 75 quality = 70 @@ -105583,8 +106549,8 @@ rule CAPE_Rhadamanthys date = "2023-09-18" modified = "2023-09-18" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Rhadamanthys.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Rhadamanthys.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "f71bee3ef1dd7b16a55397645d16c0a20d1fdd3bf662f241c0b11796629b11ff" score = 75 quality = 70 
@@ -105609,8 +106575,8 @@ rule CAPE_Petrwrap : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/PetrWrap.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/PetrWrap.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "6dd1cf5639b63d0ab41b24080dad68d285f2e3969ad34fd724c83e7a0dd4b968" score = 75 quality = 70 @@ -105635,8 +106601,8 @@ rule CAPE_Mole : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Mole.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Mole.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "8be4d190d554a610360c0e04b33da59eb00319395e5b2000d580546ce6503786" score = 75 quality = 70 
@@ -105660,8 +106626,8 @@ rule CAPE_Amadey : FILE date = "2023-09-04" modified = "2023-09-04" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Amadey.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Amadey.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" hash = "988258716d5296c1323303e8fe4efd7f4642c87bfdbe970fe9a3bb3f410f70a4" logic_hash = "38f710b422a3644c9f0f3e80ad9ff28ef02050368c651a6cc2ce8b152b67bf48" score = 75 @@ -105686,8 +106652,8 @@ rule CAPE_Nemty : FILE date = "2020-04-03" modified = "2020-04-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Nemty.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Nemty.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "a05974b561c67b4f1e0812639b74831edcf65686a06c0d380f0b45739e342419" score = 75 quality = 70 
@@ -105711,8 +106677,8 @@ rule CAPE_Vidar : FILE date = "2023-04-21" modified = "2023-04-21" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Vidar.yar#L1-L22" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Vidar.yar#L1-L22" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "5d4c030536ed41cf4e0dcb77b2fe4553d789ee2b8095a4b3e050692335a8709d" score = 75 quality = 70 @@ -105745,8 +106711,8 @@ rule CAPE_Cerber : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Cerber.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Cerber.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "16a8f808c28d3b142c079a305aba7f553f2452e439710bf610a06f8f2924d5a3" score = 75 quality = 70 
@@ -105768,8 +106734,8 @@ rule CAPE_Emotetloader : FILE date = "2022-05-31" modified = "2022-05-31" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/EmotetLoader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/EmotetLoader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "410872d25ed3a89a2cba108f952d606cd1c3bf9ccc89ae6ab3377b83665c2773" score = 75 quality = 70 @@ -105791,8 +106757,8 @@ rule CAPE_Qakbot5 : FILE date = "2024-04-28" modified = "2024-04-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/QakBot.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/QakBot.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" hash = "59559e97962e40a15adb2237c4d01cfead03623aff1725616caeaa5a8d273a35" logic_hash = "cc23a92f45619d44af824128b743c259dd9dfa7cb5106932f3425f3dfd1dccdf" score = 75 
@@ -105818,8 +106784,8 @@ rule CAPE_Qakbot4 : FILE date = "2024-04-28" modified = "2024-04-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/QakBot.yar#L17-L35" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/QakBot.yar#L17-L35" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "b2870e33abffbb3ff49b7891b0f5c538ab48ee63da5553929d4e37dec921344f" score = 75 quality = 70 @@ -105849,8 +106815,8 @@ rule CAPE_Sedreco : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Sedreco.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Sedreco.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "f735549606917f59a19157e604e54766e4456bc5d46e94cae3e0a3c18b52a7ca" score = 75 quality = 70 
@@ -105874,8 +106840,8 @@ rule CAPE_Ryuk : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Ryuk.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Ryuk.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "b4463993d8956e402b927a3dcfa2ca9693a959908187f720372f2d3a40e6db0c" score = 75 quality = 70 @@ -105900,8 +106866,8 @@ rule CAPE_Wanacry : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/WanaCry.yar#L1-L16" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/WanaCry.yar#L1-L16" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "16d5e39f043d27bbf22f8f21e13971b7e0709b07e44746dd157d11ee4cc51944" score = 75 quality = 70 
@@ -105927,8 +106893,8 @@ rule CAPE_Remcos : FILE date = "2022-05-10" modified = "2022-05-10" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Remcos.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Remcos.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "38142e784ad437d9592353b924f74777bb62e5ed176c811230a2021a437d4710" score = 75 quality = 68 @@ -105953,8 +106919,8 @@ rule CAPE_Lumma : FILE date = "2024-03-13" modified = "2024-03-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Lumma.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Lumma.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "5b172496e2488cc3e9cdbd5a08229c3691bafba2fcdbdfd2805c7ac58f9c5751" score = 75 quality = 70 
@@ -105979,8 +106945,8 @@ rule CAPE_Seduploader : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Seduploader.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Seduploader.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "d70c886699169d4dafc5b063c93682a34af5667df6d293b52256ddc19ab9c516" score = 75 quality = 70 @@ -106002,8 +106968,8 @@ rule CAPE_Petya : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Petya.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Petya.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "f819261bb34f3b2eb7dc2f843b56be25105570fe902a77940a632a54fbe0d014" score = 75 quality = 70 
@@ -106027,8 +106993,8 @@ rule CAPE_Rokrat : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/RokRat.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/RokRat.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "2aaa7de7ccd59e0da690f4bc0c7deaacf61314d61f8d2aa3ce6f6892f50612ec" score = 75 quality = 70 @@ -106051,8 +107017,8 @@ rule CAPE_Badrabbit : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/BadRabbit.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/BadRabbit.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "309e14ab4ea2f919358631f9d8b2aaff1f51e7708b6114e4e6bf4a9d9a5fc86c" score = 75 quality = 70 
@@ -106076,8 +107042,8 @@ rule CAPE_Formbook date = "2023-10-13" modified = "2023-10-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Formbook.yar#L1-L18" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Formbook.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "63ee4dd6fe5ed2a3e5ee88ba7de48d2c9e0024961a550d0fdb68891c9885e05e" score = 75 quality = 70 @@ -106106,8 +107072,8 @@ rule CAPE_Aurorastealer : FILE date = "2022-12-14" modified = "2023-03-31" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/AuroraStealer.yar#L1-L74" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/AuroraStealer.yar#L1-L74" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "0d10e9268184f494a73d5b4ab0d9a478ad0c26d2ef13d5134f8c9769f028b8f5" score = 75 quality = 45 
@@ -106186,8 +107152,8 @@ rule CAPE_Trickbot date = "2023-02-07" modified = "2023-02-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/TrickBot.yar#L1-L20" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/TrickBot.yar#L1-L20" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "47cc2070b43957601a72745329a9d14fb3fbfd4d2b31cacc35d4ac750dde31ea" score = 75 quality = 70 @@ -106218,8 +107184,8 @@ rule CAPE_Trickbot_Permadll_UEFI_Module date = "2023-02-07" modified = "2023-02-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/TrickBot.yar#L22-L38" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/TrickBot.yar#L22-L38" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" hash = "491115422a6b94dc952982e6914adc39" logic_hash = "564055f56fd19bed8900e6d451ba050b4e9013a9208a3bdc3d3d563567d225d2" score = 75 
@@ -106247,8 +107213,8 @@ rule CAPE_Rozena date = "2024-03-15" modified = "2024-03-15" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Rozena.yar#L1-L10" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Rozena.yar#L1-L10" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "c415a8108b58a125a604031bb8d73b58a8aae5429b5b765e35fa8a4add9cd135" score = 75 quality = 70 @@ -106271,8 +107237,8 @@ rule CAPE_Cryptoshield : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Cryptoshield.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Cryptoshield.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "46064b4c69cb1af01330c5d194ef50728e0f0479e9fbf72828822935f8e37ac6" score = 75 quality = 70 
@@ -106296,8 +107262,8 @@ rule CAPE_Bumblebee : FILE date = "2023-10-02" modified = "2023-10-02" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/BumbleBee.yar#L35-L50" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/BumbleBee.yar#L35-L50" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "bc7c2ce9d3cd598c9510dc64d78048999f2f89ee5a84cd0d6046dbdfabe260ee" score = 75 quality = 70 @@ -106324,8 +107290,8 @@ rule CAPE_Ursnifv3 : FILE date = "2023-03-23" modified = "2023-03-23" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/UrsnifV3.yar#L1-L18" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/UrsnifV3.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "501cd52388aba16f9d33b4555f310e1ad58326916b15358a485c701acb87abd8" score = 75 quality = 70 
@@ -106354,8 +107320,8 @@ rule CAPE_Squirrelwaffle : FILE date = "2021-10-13" modified = "2021-10-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/SquirrelWaffle.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/SquirrelWaffle.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "5f799333398421d537ec7a87ca94f6cc9cf1e53e55b353036a5132440990e500" score = 75 quality = 70 @@ -106378,8 +107344,8 @@ rule CAPE_Doppelpaymer : FILE date = "2022-06-27" modified = "2022-06-27" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/DoppelPaymer.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/DoppelPaymer.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "73a2575671bafc31a70af3ce072d6f94ae172b12202baebba586a02524cb6f9d" score = 75 quality = 70 
@@ -106402,8 +107368,8 @@ rule CAPE_Nanolocker : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/NanoLocker.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/NanoLocker.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "fe6c8a4e259c3c526f8f50771251f6762b2b92a4df2e8bfc705f282489f757db" score = 75 quality = 70 @@ -106427,8 +107393,8 @@ rule CAPE_Rcsession date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/RCSession.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/RCSession.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "ebd1e9e615a91c35b36332cad55519607323469df738cec4464288b45787630d" score = 75 quality = 70 
@@ -106451,8 +107417,8 @@ rule CAPE_Jaff : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Jaff.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Jaff.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "6806a5eeee04b7436ff694addc334bfc0f1ee611116904d57be9506acfd47418" score = 75 quality = 70 @@ -106477,8 +107443,8 @@ rule CAPE_Atlas : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Atlas.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Atlas.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "c3f73b29df5caf804dbfe3e6ac07a9e2c772bd2a126f0487e4a65e72bd501e6e" score = 75 quality = 70 
@@ -106502,8 +107468,8 @@ rule CAPE_Cargobayloader : FILE date = "2023-02-20" modified = "2023-02-20" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/CargoBayLoader.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/CargoBayLoader.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" hash = "75e975031371741498c5ba310882258c23b39310bd258239277708382bdbee9c" logic_hash = "1d5c4ca79f97e1fac358189a8c6530be12506974fc2fb42f63b0b621536a45c9" score = 75 @@ -106527,8 +107493,8 @@ rule CAPE_Bazar : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Bazar.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Bazar.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "9375f59b56e47fd0b90b089afdf3be8f16f960038fc625523a2e2d5509ab099d" score = 75 quality = 70 
@@ -106551,8 +107517,8 @@ rule CAPE_Hermes : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Hermes.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Hermes.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "9bc974173f39a57e7adfbf8ae106a20d960557696b4c3ce16e9b4e47d3e9e95b" score = 75 quality = 70 @@ -106576,8 +107542,8 @@ rule CAPE_Masslogger : FILE date = "2020-11-24" modified = "2020-11-24" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/MassLogger.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/MassLogger.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "c8d82694810aafbdc6a35a661e7431e9536035e2f7fef90b9359064c4209b66c" score = 75 quality = 70 
@@ -106600,8 +107566,8 @@ rule CAPE_Arkei : FILE date = "2020-02-11" modified = "2020-02-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Arkei.yar#L1-L24" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Arkei.yar#L1-L24" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "03980827db1c53d4090ab196ba820ca34b5d83dc7140b11ead9182cb5d28c7d3" score = 75 quality = 70 @@ -106632,17 +107598,17 @@ rule CAPE_Doomedloader : FILE description = "No description has been set in the source file - CAPE" author = "kevoreilly" id = "88436e71-360e-5719-989f-24e71591ebe0" - date = "2024-04-12" - modified = "2024-04-12" + date = "2024-05-09" + modified = "2024-05-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/DoomedLoader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" - hash = "914b1b3180e7ec1980d0bafe6fa36daade752bb26aec572399d2f59436eaa635" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/DoomedLoader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "54a5962ef49ebf987908c4ea1559788f7c96a7e4ea61d2973636e998a0239c77" score = 75 quality = 70 tags = "FILE" cape_type = "DoomedLoader Payload" + packed = "914b1b3180e7ec1980d0bafe6fa36daade752bb26aec572399d2f59436eaa635" strings: $anti = {48 8B 4C 24 ?? E8 [4] 84 C0 B8 [4] 41 0F 45 C6 EB} 
@@ -106660,8 +107626,8 @@ rule CAPE_Conti : FILE date = "2021-03-15" modified = "2021-03-15" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Conti.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Conti.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "c9842f93d012d0189b9c6f10ad558b37ae66226bbb619ad677f6906ccaf0e848" score = 75 quality = 70 @@ -106685,8 +107651,8 @@ rule CAPE_Oyster date = "2024-03-01" modified = "2024-03-01" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Oyster.yar#L1-L19" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Oyster.yar#L1-L19" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" hash = "8bae0fa9f589cd434a689eebd7a1fde949cc09e6a65e1b56bb620998246a1650" logic_hash = "cf3ac9864e458c89254094f4fee78457fe7e71cafcf91ce9847360504bd9a7f7" score = 75 
@@ -106716,8 +107682,8 @@ rule CAPE_Fareit : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Fareit.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Fareit.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "ed35391ffc949219f380da3f22bc8397a7d5c742bd68e227c3becdebcab5cf83" score = 75 quality = 70 @@ -106739,8 +107705,8 @@ rule CAPE_Gootkit : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Gootkit.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Gootkit.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "26704b6b0adca51933fc9d5e097930320768fd0e9355dcefc725aee7775316e7" score = 75 quality = 70 
@@ -106762,8 +107728,8 @@ rule CAPE_Dridexloader : FILE date = "2021-03-10" modified = "2021-03-10" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/DridexLoader.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/DridexLoader.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "20696b1f14539c8ecf21bffc696596040c20b1ee2fcedc173945482c0baca588" score = 75 quality = 70 @@ -106790,8 +107756,8 @@ rule CAPE_Bitpaymer : FILE date = "2019-11-27" modified = "2019-11-27" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/BitPaymer.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/BitPaymer.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "6ae0dc9a36da13e483d8d653276b06f59ecc15c95c754c268dcc91b181677c4c" score = 75 quality = 70 
@@ -106814,8 +107780,8 @@ rule CAPE_Latrodectus date = "2024-01-18" modified = "2024-01-18" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Latrodectus.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Latrodectus.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" hash = "a547cff9991a713535e5c128a0711ca68acf9298cc2220c4ea0685d580f36811" logic_hash = "c0a0bbdc865600b78538670cd766b63f8ca1bf223195d0f5c937e5968500ea0e" score = 75 @@ -106841,8 +107807,8 @@ rule CAPE_Varenyky : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Varenyky.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Varenyky.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "602f1b8b60b29565eabe2171fde4eb58546af68f8acecad402a7a51ea9a08ed9" score = 75 quality = 70 
@@ -106864,8 +107830,8 @@ rule CAPE_Zeuspanda : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/ZeusPanda.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/ZeusPanda.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "43d8a56cae9fd23c053f6956851734d3270b46a906236854502c136e3bb1e761" score = 75 quality = 70 @@ -106888,8 +107854,8 @@ rule CAPE_Azer : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Azer.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Azer.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "48bd4a4e071f10d1911c4173a0cd39c69fed7a3b29eb92beffe709899f4cefa5" score = 75 quality = 70 
@@ -106913,8 +107879,8 @@ rule CAPE_Megacortex : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/MegaCortex.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/MegaCortex.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "5de1d8241260070241c91b97f18feb2a90069e3b158e863e2d9f568799c244e6" score = 75 quality = 70 @@ -106938,8 +107904,8 @@ rule CAPE_Icedid date = "2021-12-16" modified = "2021-12-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/IcedID.yar#L1-L18" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/IcedID.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "e60ccbab7a360020744eba65961156ca3e2ae9cf23671014f913d71c1a96a331" score = 75 quality = 45 
@@ -106968,8 +107934,8 @@ rule CAPE_Carbanak : FILE date = "2024-03-18" modified = "2024-03-18" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Carbanak.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Carbanak.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" hash = "c9c1b06cb9c9bd6fc4451f5e2847a1f9524bb2870d7bb6f0ee09b9dd4e3e4c84" logic_hash = "8ed5ab07f1635dc7cdf296e86a71a0a99d0b2faef8fc460f43d426b24b8c8367" score = 75 @@ -106994,8 +107960,8 @@ rule CAPE_Lockbit : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Lockbit.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Lockbit.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "80ab705c8246a0bd5b3de65146cf32b102f39bf9444bdf1d366b5a794c1229b9" score = 75 quality = 70 
@@ -107021,8 +107987,8 @@ rule CAPE_Kpot : FILE date = "2020-10-19" modified = "2020-10-19" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Kpot.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Kpot.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "75abaab9a10e8ac8808425c389238285ab9bd9cb76f0cd03cc1e35b3ea0a1b0f" score = 75 quality = 70 @@ -107046,8 +108012,8 @@ rule CAPE_Stealc : FILE date = "2024-02-16" modified = "2024-02-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Stealc.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Stealc.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" hash = "77d6f1914af6caf909fa2a246fcec05f500f79dd56e5d0d466d55924695c702d" logic_hash = "90a3a72f53d0c020f1568d7bbf183ee4f76ec3f4706d2331bcbc4e631bf6399d" score = 75 
@@ -107071,8 +108037,8 @@ rule CAPE_Eternalromance : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/EternalRomance.yar#L1-L33" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/EternalRomance.yar#L1-L33" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "5390fae3e2411a715cdc965df8648c0c4c511d53d5f76031714f1b784b58eb0d" score = 75 quality = 68 @@ -107116,8 +108082,8 @@ rule CAPE_Kronos : FILE date = "2020-07-02" modified = "2020-07-02" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Kronos.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Kronos.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "52ce9caf3627efe8ae86df6ca59e51e9f738e13ac0265f797e8d70123dbcaeb3" score = 75 quality = 70 
@@ -107142,8 +108108,8 @@ rule CAPE_Kovter : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Kovter.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Kovter.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "888fccb8fbfbe6c05ec63bc5658b4743f8e10a96ef51b3868c2ff94afec76f2d" score = 75 quality = 70 @@ -107168,8 +108134,8 @@ rule CAPE_Codoso : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Codoso.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Codoso.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "32c9ed2ac29e8905266977a9ee573a252442d96fb9ec97d88642180deceec3f8" score = 75 quality = 70 
@@ -107193,8 +108159,8 @@ rule CAPE_Zerot : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/ZeroT.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/ZeroT.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "f60ae25ac3cd741b8bdc5100b5d3c474b5d9fbe8be88bfd184994bae106c3803" score = 75 quality = 68 @@ -107220,8 +108186,8 @@ rule CAPE_Locky : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Locky.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Locky.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "9786c54a2644d9581fefe64be11b26e22806398e54e961fa4f19d26eae039cd7" score = 75 quality = 70 
@@ -107245,8 +108211,8 @@ rule CAPE_Ursnif : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Ursnif.yar#L1-L19" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Ursnif.yar#L1-L19" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "46e79fde81ff5352314618021e394b2e0322df07170c7279363290b7134935fd" score = 75 quality = 70 @@ -107275,8 +108241,8 @@ rule CAPE_Nettraveler : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/NetTraveler.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/NetTraveler.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "bf5026f1a1cb3d6986a29d22657a9f1904b362391a6715d7468f8f8aca351233" score = 75 quality = 70 
@@ -107300,8 +108266,8 @@ rule CAPE_Dreambot : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Dreambot.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Dreambot.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "29c6d648d5d38667c5824c2d20a83a20448c2ae6054ddddb2b2b7f8bdb69f74b" score = 75 quality = 70 @@ -107326,8 +108292,8 @@ rule CAPE_Magniber : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Magniber.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Magniber.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "1875754bdf98c1886f31f6c6e29992a98180f74d8fa168ae391e2c660d760618" score = 75 quality = 70 
@@ -107340,6 +108306,36 @@ rule CAPE_Magniber : FILE
 condition:
 uint16(0)==0x5A4D and ( all of ($a*))
 }
+rule CAPE_Zloader : FILE
+{
+ meta:
+ description = "Zloader Payload"
+ author = "kevoreilly, enzok"
+ id = "ce0662b4-c615-5b87-b5c1-173f90a97db2"
+ date = "2024-05-06"
+ modified = "2024-05-06"
+ reference = "https://github.com/kevoreilly/CAPEv2"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Zloader.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE"
+ hash = "adbd0c7096a7373be82dd03df1aae61cb39e0a155c00bbb9c67abc01d48718aa"
+ logic_hash = "a94efd87c69146cf5771341974e5abe789445d67dde3e045e1b87d3131539ff9"
+ score = 75
+ quality = 70
+ tags = "FILE"
+ cape_type = "Zloader Payload"
+
+ strings:
+ $rc4_init = {31 [1-3] 66 C7 8? 00 01 00 00 00 00 90 90 [0-5] 8? [5-90] 00 01 00 00 [0-15] (74|75)}
+ $decrypt_conf = {83 C4 04 84 C0 74 5? E8 [4] E8 [4] E8 [4] E8 [4] ?8 [4] ?8 [4] ?8}
+ $decrypt_conf_1 = {48 8d [5] [0-6] e8 [4] 48 [3-4] 48 [3-4] 48 [6] E8}
+ $decrypt_conf_2 = {48 8d [5] 4? [5] e8 [4] 48 [3-4] 48 8d [5] E8 [4] 48}
+ $decrypt_key_1 = {66 89 C2 4? 8D 0D [3] 00 4? B? FC 03 00 00 E8 [4] 4? 83 C4 [1-2] C3}
+ $decrypt_key_2 = {48 8d 0d [3] 00 66 89 ?? 4? 89 F0 4? [2-5] E8 [4-5] 4? 83 C4}
+ $decrypt_key_3 = {48 8d 0d [3] 00 e8 [4] 66 89 [3] b? [4] e8 [4] 66 8b}
+
+ condition:
+ uint16(0)==0x5A4D and 1 of ($decrypt_conf*) and (1 of ($decrypt_key*) or $rc4_init)
+}
 rule CAPE_Cobaltstrikestager
 {
 meta:
@@ -107349,8 +108345,8 @@ rule CAPE_Cobaltstrikestager date = "2023-01-18" modified = "2023-01-18" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/CobaltStrikeStager.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/CobaltStrikeStager.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "6a55b0c3ab5f557dfb7a3f8bd616ede1bd9b93198590fc9d52aa19c1154388c5" score = 75 quality = 70 @@ -107375,8 +108371,8 @@ rule CAPE_Blister : FILE date = "2023-09-20" modified = "2023-09-20" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Blister.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Blister.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" hash = "afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2" hash = "d3eab2a134e7bd3f2e8767a6285b38d19cd3df421e8af336a7852b74f194802c" logic_hash = "f26d85fdf0eb07e67fe38c43c5f6d024bfb7b2a333cb3411f5cdcff6bf5db12d" 
@@ -107404,8 +108400,8 @@ rule CAPE_Lokibot : FILE date = "2022-02-01" modified = "2022-02-01" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/LokiBot.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/LokiBot.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "a5b3d518371138740e913d2d6ce4fa22d3da5cea7e034c7d6b4b502e6bf44b06" score = 75 quality = 70 @@ -107428,8 +108424,8 @@ rule CAPE_Buerloader : FILE date = "2022-05-31" modified = "2022-05-31" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/BuerLoader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/BuerLoader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "05c1f008f0a2bb8232867977fb23a5ae8312f10f0637c6265561052596319c29" score = 75 quality = 70 
@@ -107453,8 +108449,8 @@ rule CAPE_Darkgate date = "2024-02-26" modified = "2024-02-26" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/DarkGate.yar#L1-L16" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/DarkGate.yar#L1-L16" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "25c0e77a83676c6a18445f8df0b1f7a9148de5f64eeb532f9a4f4d4652dd8191" score = 75 quality = 70 @@ -107481,8 +108477,8 @@ rule CAPE_Tscookie : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/TSCookie.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/TSCookie.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "0461c7fd14c74646437654f0a63a4a89d4efad620e197a8ca1e8d390618842c3" score = 75 quality = 70 
@@ -107506,8 +108502,8 @@ rule CAPE_Asyncrat : FILE date = "2022-03-09" modified = "2022-03-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/AsyncRat.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/AsyncRat.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "8f960131bb86e1c09127324bd5877364ab25e0cb37f5f9755230c7fed9094de3" score = 75 quality = 66 @@ -107535,8 +108531,8 @@ rule CAPE_Smokeloader date = "2023-02-06" modified = "2023-02-06" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/SmokeLoader.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/SmokeLoader.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "a2ed982f15a6c687da2fdba216868016722825edf7e8ff6a75f24d81af8276bc" score = 75 quality = 70 
@@ -107563,8 +108559,8 @@ rule CAPE_Nighthawk date = "2022-12-05" modified = "2022-12-05" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Nighthawk.yar#L3-L24" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Nighthawk.yar#L3-L24" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "2d77912678e06503ffef0e8ed84aa4f9ac74357480d57742fbae619acebfb5f2" score = 75 quality = 70 @@ -107588,8 +108584,8 @@ rule CAPE_Dridexv4 : FILE date = "2022-05-31" modified = "2022-05-31" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/DridexV4.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/DridexV4.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "cb103fe5f2d4792e3c612db4e2d84a4c8b0ce0f9a8443e9147e2c345f1dbdff6" score = 75 quality = 70 
@@ -107615,8 +108611,8 @@ rule CAPE_Hancitor : FILE date = "2020-10-20" modified = "2020-10-20" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Hancitor.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Hancitor.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "84003542a2f587b5fbd43731c4240759806f8ee46df2bd96aae4a3c09d97e41c" score = 75 quality = 70 @@ -107641,8 +108637,8 @@ rule CAPE_Ramnit : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Ramnit.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Ramnit.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "6f661f47bdf8377b0fb96f190fcb964c0ed2b43ce7ae7880f9dfce9e43837efd" score = 75 quality = 70 
@@ -107666,8 +108662,8 @@ rule CAPE_Tclient : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/TClient.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/TClient.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "6edcd01e4722b367723ed77d9596877d16ee35dc4c160885d125f83e45cee24d" score = 75 quality = 70 @@ -107689,8 +108685,8 @@ rule CAPE_Gandcrab : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Gandcrab.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Gandcrab.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "354ed566dbafbe8e9531bb771d9846952eb8c0e70ee94c26d09368159ce4142c" score = 75 quality = 70 
@@ -107715,8 +108711,8 @@ rule CAPE_Scarab : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/Scarab.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/Scarab.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "0d8fa7ab4c8e5699f17f9e9444e85a42563a840a8e7ee9eda54add3a6845d1c6" score = 75 quality = 70 @@ -107740,8 +108736,8 @@ rule CAPE_Pikabotloader : FILE date = "2024-03-13" modified = "2024-03-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/PikaBot.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/PikaBot.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "7e5f1f2911545ee6bd36b54f2627fbdec1b957f4b91df901dd1c6cbd4dff0231" score = 75 quality = 70 
@@ -107765,8 +108761,8 @@ rule CAPE_Pikabot : FILE date = "2024-03-13" modified = "2024-03-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/PikaBot.yar#L15-L28" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/PikaBot.yar#L15-L28" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "ed07217c373831a9a67d914854154988696e6fcea70dedabf333385f0e7bb8b7" score = 75 quality = 70 @@ -107791,8 +108787,8 @@ rule CAPE_Pik23 : FILE date = "2024-03-13" modified = "2024-03-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/PikaBot.yar#L30-L44" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/PikaBot.yar#L30-L44" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" hash = "59f42ecde152f78731e54ea27e761bba748c9309a6ad1c2fd17f0e8b90f8aed1" logic_hash = "71a71df2f2a075294941c54eed06cafaaa4d3294e45b3a0098c1cffddd0438bc" score = 75 
@@ -107818,8 +108814,8 @@ rule CAPE_Agent_Tesla date = "2024-03-22" modified = "2024-03-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/AgentTesla.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/AgentTesla.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "3945754129dcc58e0abfd7485f5ff0c0afdd1078ae2cf164ca8f59a6f79db1be" score = 75 quality = 70 @@ -107845,8 +108841,8 @@ rule CAPE_Agenttesla : FILE date = "2024-03-22" modified = "2024-03-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/AgentTesla.yar#L19-L41" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/AgentTesla.yar#L19-L41" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "1bf9b26c4cf87e674ddffabe40aba5a45499c6a04d4ff3e43c3cda4cbcb4d188" score = 75 quality = 70 
@@ -107878,8 +108874,8 @@ rule CAPE_Agentteslav2 : FILE date = "2024-03-22" modified = "2024-03-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/AgentTesla.yar#L43-L67" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/AgentTesla.yar#L43-L67" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "b45296b3b94fa1ff32de48c94329a17402461fb6696e9390565c4dba9738ed78" score = 75 quality = 70 @@ -107915,8 +108911,8 @@ rule CAPE_Agentteslav3 : FILE date = "2024-03-22" modified = "2024-03-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/AgentTesla.yar#L69-L111" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/AgentTesla.yar#L69-L111" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "26c4fa0ce8de6982eb599f3872e8ab2a6e83da4741db7f3500c94e0a8fe5d459" score = 75 quality = 68 
@@ -107969,8 +108965,8 @@ rule CAPE_Agentteslaxor : FILE date = "2024-03-22" modified = "2024-03-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/AgentTesla.yar#L113-L123" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/AgentTesla.yar#L113-L123" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "54581e83e5fa13fae4bda74016b3fa1d18c92e2659f493ebe54d70fd5f77bba5" score = 75 quality = 20 @@ -107992,8 +108988,8 @@ rule CAPE_Agentteslav4 : FILE date = "2024-03-22" modified = "2024-03-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/AgentTesla.yar#L125-L138" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/AgentTesla.yar#L125-L138" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE" logic_hash = "0a39036f408728ab312a54ff3354453d171424f57f9a8f3b42af867be3037ca9" score = 75 quality = 70 
@@ -108018,8 +109014,8 @@ rule CAPE_Agentteslav4Jit
 date = "2024-03-22"
 modified = "2024-03-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/data/yara/CAPE/AgentTesla.yar#L140-L153"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/3cff06445d2f56ba1cea2846e79a7df06ac39c46/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/data/yara/CAPE/AgentTesla.yar#L140-L153"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/fa94c917659a24a412ae793a54e2be48e5f15ec7/LICENSE"
 logic_hash = "8f7144d2a989ce8d291af926b292f5f0f7772e707b0e49797eba13ecf91b90bc"
 score = 75
 quality = 70
@@ -108039,7 +109035,7 @@ rule CAPE_Agentteslav4Jit
 * YARA Rule Set
 * Repository Name: BinaryAlert
 * Repository: https://github.com/airbnb/binaryalert/
- * Retrieval Date: 2024-05-05
+ * Retrieval Date: 2024-05-12
 * Git Commit: a9c0f06affc35e1f8e45bb77f835b92350c68a0b
 * Number of Rules: 80
 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -110515,7 +111511,7 @@ rule BINARYALERT_Hacktool_Multi_Responder_Py
 * YARA Rule Set
 * Repository Name: DeadBits
 * Repository: https://github.com/deadbits/yara-rules/
- * Retrieval Date: 2024-05-05
+ * Retrieval Date: 2024-05-12
 * Git Commit: d002f7ecee23e09142a3ac3e79c84f71dda3f001
 * Number of Rules: 17
 * Skipped: 0 (age), 6 (quality), 0 (score), 0 (importance)
@@ -111190,7 +112186,7 @@ rule DEADBITS_Acbackdoor_ELF : LINUX MALWARE BACKDOOR
 description = "No description has been set in the source file - DeadBits"
 author = "Adam M. Swanda"
 id = "82eb41bf-cd1d-5b00-973b-31a79c75cfc0"
- date = "2019-11-05"
+ date = "2019-11-12"
 modified = "2019-12-04"
 reference = "https://www.intezer.com/blog-acbackdoor-analysis-of-a-new-multiplatform-backdoor/"
 source_url = "https://github.com/deadbits/yara-rules//blob/d002f7ecee23e09142a3ac3e79c84f71dda3f001/rules/ACBackdoor_Linux.yara#L1-L41"
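Review bot: In DEADBITS_Acbackdoor_ELF the `date` value moves from `2019-11-05` to `2019-11-12`, yet the DeadBits `Git Commit` header line and the commit in this rule's `source_url` are unchanged context, so the upstream rule source did not change between the two releases. The same shift appears in the ESET_Apt_Windows_TA410_Flowcloud_Header_Decryption hunk (`@@ -112336,7 +113332,7 @@`), where `date = "2024-01-12"` also falls after `modified = "2022-04-27"`. In both rules the day follows the pack's retrieval day (05, then 12), which suggests the generator fills in an incomplete upstream date at build time; that is an inference from these two hunks only. The `date` of these rules should therefore not feed age filters or triage timelines, and the drift is better reported to the pack generator than patched in this vendored copy. Both rule bodies continue outside their hunks.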
@@ -111286,7 +112282,7 @@ rule DEADBITS_APT34_VALUEVAULT : APT34 INFOSTEALER WINMALWARE FILE
 * YARA Rule Set
 * Repository Name: DelivrTo
 * Repository: https://github.com/delivr-to/detections
- * Retrieval Date: 2024-05-05
+ * Retrieval Date: 2024-05-12
 * Git Commit: 9b73d9d4eff5ae22cab82ba892566c4fb14613ad
 * Number of Rules: 6
 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -111443,7 +112439,7 @@ rule DELIVRTO_SUSP_Onenote_RTLO_Character_Feb23 : FILE
 * YARA Rule Set
 * Repository Name: ESET
 * Repository: https://github.com/eset/malware-ioc
- * Retrieval Date: 2024-05-05
+ * Retrieval Date: 2024-05-12
 * Git Commit: a5367e6c85f7cdfca066d1fdacff9afaa615fcb9
 * Number of Rules: 92
 * Skipped: 0 (age), 6 (quality), 0 (score), 0 (importance)
@@ -112336,7 +113332,7 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Header_Decryption : FILE
 description = "Matches the function used to decrypt resources headers in TA410 FlowCloud"
 author = "ESET Research"
 id = "403c1845-bc25-5a49-8553-8a0be18d6970"
- date = "2024-01-05"
+ date = "2024-01-12"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
 source_url = "https://github.com/eset/malware-ioc/blob/a5367e6c85f7cdfca066d1fdacff9afaa615fcb9/ta410/ta410.yar#L417-L496"
@@ -114916,7 +115912,7 @@ rule ESET_Onimiki : LINUX_ONIMIKI
 * YARA Rule Set
 * Repository Name: FireEye-RT
 * Repository: https://github.com/mandiant/red_team_tool_countermeasures/
- * Retrieval Date: 2024-05-05
+ * Retrieval Date: 2024-05-12
 * Git Commit: 3561b71724dbfa3e2bb78106aaa2d7f8b892c43b
 * Number of Rules: 168
 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance)
@@ -119652,7 +120648,7 @@ rule FIREEYE_RT_APT_Hacktool_MSIL_DTRIM_1 : FILE
 * YARA Rule Set
 * Repository Name: GCTI
 * Repository: https://github.com/chronicle/GCTI
- * Retrieval Date: 2024-05-05
+ * Retrieval Date: 2024-05-12
 * Git Commit: 1c5fd42b1895098527fde00c2d9757edf6b303bb
 * Number of Rules: 90
 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -122869,7 +123865,7 @@ rule GCTI_Sliver_Implant_64Bit * YARA Rule Set * Repository Name: Malpedia * Repository: https://github.com/malpedia/signator-rules/ - * Retrieval Date: 2024-05-05 + * Retrieval Date: 2024-05-12 * Git Commit: fbacfc09b84d53d410385e66a8e56f25016c588a * Number of Rules: 1382 * Skipped: 0 (age), 15 (quality), 0 (score), 0 (importance) @@ -180347,7 +181343,7 @@ rule MALPEDIA_Win_Bluehaze_Auto : FILE * YARA Rule Set * Repository Name: Trellix ARC * Repository: https://github.com/advanced-threat-research/Yara-Rules/ - * Retrieval Date: 2024-05-05 + * Retrieval Date: 2024-05-12 * Git Commit: fc51a3fe3b450838614a5a5aa327c6bd8689cbb2 * Number of Rules: 162 * Skipped: 0 (age), 5 (quality), 0 (score), 0 (importance) @@ -186264,7 +187260,7 @@ rule TRELLIX_ARC_STEALER_Lokibot : STEALER FILE * YARA Rule Set * Repository Name: Arkbird SOLG * Repository: https://github.com/StrangerealIntel/DailyIOC - * Retrieval Date: 2024-05-05 + * Retrieval Date: 2024-05-12 * Git Commit: a873ff1298c43705e9c67286f3014f4300dd04f7 * Number of Rules: 214 * Skipped: 0 (age), 10 (quality), 0 (score), 0 (importance) @@ -193367,7 +194363,7 @@ rule ARKBIRD_SOLG_ATM_Dispcashbr_May_2021_1 : FILE * YARA Rule Set * Repository Name: Telekom Security * Repository: https://github.com/telekom-security/malware_analysis/ - * Retrieval Date: 2024-05-05 + * Retrieval Date: 2024-05-12 * Git Commit: bf832d97e8fd292ec5e095e35bde992a6462e71c * Number of Rules: 12 * Skipped: 0 (age), 5 (quality), 0 (score), 0 (importance) @@ -193735,7 +194731,7 @@ rule TELEKOM_SECURITY_Cn_Utf8_Windows_Terminal : CAPABILITY HACKTOOL * YARA Rule Set * Repository Name: Volexity * Repository: https://github.com/volexity/threat-intel - * Retrieval Date: 2024-05-05 + * Retrieval Date: 2024-05-12 * Git Commit: 62e031ea574efde68dac7d38dc23438466a5302b * Number of Rules: 72 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) 
@@ -196133,7 +197129,7 @@ rule VOLEXITY_Webshell_Php_Icescorpion : COMMODITY WEBSHELL FILE * YARA Rule Set * Repository Name: JPCERTCC * Repository: https://github.com/JPCERTCC/MalConfScan/ - * Retrieval Date: 2024-05-05 + * Retrieval Date: 2024-05-12 * Git Commit: 19ec0d145535a6a4cfd37c0960114f455a8c343e * Number of Rules: 30 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance) @@ -196977,7 +197973,7 @@ rule JPCERTCC_Elf_Wellmess : FILE * YARA Rule Set * Repository Name: SecuInfra * Repository: https://github.com/SIFalcon/Detection - * Retrieval Date: 2024-05-05 + * Retrieval Date: 2024-05-12 * Git Commit: 2d7c66d7d16c7541bf2a9a83a7a6d334364a26fd * Number of Rules: 45 * Skipped: 0 (age), 11 (quality), 0 (score), 0 (importance) @@ -197710,9 +198706,9 @@ rule SECUINFRA_MALWARE_Plugx_USB_Delivery_Ini_Recbin_Jun23 condition: all of ($s_*) and not $neg_LRN } +import "console" import "pe" import "math" -import "console" rule SECUINFRA_RANSOM_Lockbit_Black_Packer : RANSOMWARE FILE { @@ -198292,7 +199288,7 @@ rule SECUINFRA_HUNT_RTF_CVE_2023_21716_Mar23 : CVE_2023_21716 * YARA Rule Set * Repository Name: RussianPanda * Repository: https://github.com/RussianPanda95/Yara-Rules - * Retrieval Date: 2024-05-05 + * Retrieval Date: 2024-05-12 * Git Commit: c65f3c62711bf141e4eb926ffe3a9880e5331974 * Number of Rules: 71 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance) @@ -200167,7 +201163,7 @@ rule RUSSIANPANDA_Metastealer_Core_Payload * YARA Rule Set * Repository Name: Check Point * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules - * Retrieval Date: 2024-05-05 + * Retrieval Date: 2024-05-12 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9 * Number of Rules: 4 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) 
@@ -200381,7 +201377,7 @@ rule CHECK_POINT_Injector_ZZ_Dotrunpex : FILE
 * YARA Rule Set
 * Repository Name: Dragon Threat Labs
 * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules
- * Retrieval Date: 2024-05-05
+ * Retrieval Date: 2024-05-12
 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
 * Number of Rules: 7
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -200576,7 +201572,7 @@ rule DRAGON_THREAT_LABS_Apt_C16_Win_Disk_Pcclient : DISK
 * YARA Rule Set
 * Repository Name: Microsoft
 * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules
- * Retrieval Date: 2024-05-05
+ * Retrieval Date: 2024-05-12
 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
 * Number of Rules: 21
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -201180,7 +202176,7 @@ rule MICROSOFT_Trojan_Win32_Plakpeer : PLATINUM
 * YARA Rule Set
 * Repository Name: NCSC
 * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules
- * Retrieval Date: 2024-05-05
+ * Retrieval Date: 2024-05-12
 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
 * Number of Rules: 17
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -201651,7 +202647,7 @@ rule NCSC_Sparrowdoor_Strings
 * YARA Rule Set
 * Repository Name: Dr4k0nia
 * Repository: https://github.com/dr4k0nia/yara-rules
- * Retrieval Date: 2024-05-05
+ * Retrieval Date: 2024-05-12
 * Git Commit: 4b10f9b79a4cfb3ec9cb5675f32cc7ee6885fbd8
 * Number of Rules: 5
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -201832,7 +202828,7 @@ rule DR4K0NIA_MAL_Msil_Net_Niximports_Loader : FILE
 * YARA Rule Set
 * Repository Name: EmbeeResearch
 * Repository: https://github.com/embee-research/Yara-detection-rules/
- * Retrieval Date: 2024-05-05
+ * Retrieval Date: 2024-05-12
 * Git Commit: ac56d6f6fd2a30c8cb6e5c0455d6519210a8b0f4
 * Number of Rules: 39
 * Skipped: 0 (age), 8 (quality), 0 (score), 0 (importance)
@@ -202925,7 +203921,7 @@ rule EMBEERESEARCH_Win_Qakbot_Api_Hashing_Oct_2022 : FILE
 * YARA Rule Set
 * Repository Name: AvastTI
 * Repository: https://github.com/avast/ioc
- * Retrieval Date: 2024-05-05
+ * Retrieval Date: 2024-05-12
 * Git Commit: 3daf463e031feb22b30b2d756578b67e3d86946f
 * Number of Rules: 33
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -203788,7 +204784,7 @@ rule AVASTTI_Manjusaka_Payload_Mz
 * YARA Rule Set
 * Repository Name: SBousseaden
 * Repository: https://github.com/sbousseaden/YaraHunts/
- * Retrieval Date: 2024-05-05
+ * Retrieval Date: 2024-05-12
 * Git Commit: 71b27a2a7c57c2aa1877a11d8933167794e2b4fb
 * Number of Rules: 36
 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance)
@@ -204865,7 +205861,7 @@ rule SBOUSSEADEN_Mimikatz_Kiwikey
 * YARA Rule Set
 * Repository Name: Elceef
 * Repository: https://github.com/elceef/yara-rulz
- * Retrieval Date: 2024-05-05
+ * Retrieval Date: 2024-05-12
 * Git Commit: ff4396e33ef3e2561191a2193902d1d809a7fa3d
 * Number of Rules: 16
 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -205340,7 +206336,7 @@ rule ELCEEF_Polymorph_BAT_CAB : FILE
 * YARA Rule Set
 * Repository Name: GodModeRules
 * Repository: https://github.com/Neo23x0/god-mode-rules/
- * Retrieval Date: 2024-05-05
+ * Retrieval Date: 2024-05-12
 * Git Commit: c6de81ded89d2727bec9e0f6ed490f6c8ab380f2
 * Number of Rules: 1
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -205611,7 +206607,7 @@ rule GODMODERULES_IDDQD_God_Mode_Rule
 * YARA Rule Set
 * Repository Name: Cod3nym
 * Repository: https://github.com/cod3nym/detection-rules/
- * Retrieval Date: 2024-05-05
+ * Retrieval Date: 2024-05-12
 * Git Commit: ad485bff0ce30afb56e367b7f2b76fea81e78fc9
 * Number of Rules: 13
 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -206055,7 +207051,7 @@ rule COD3NYM_SUSP_RLO_Exe_Extension_Spoofing_Jan24
 * YARA Rule Set
 * Repository Name: craiu
 * Repository: https://github.com/craiu/yararules
- * Retrieval Date: 2024-05-05
+ * Retrieval Date: 2024-05-12
 * Git Commit: 446e7fca8393eff54611365bed68bf0928581304
 * Number of Rules: 9
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -207091,7 +208087,7 @@ rule CRAIU_Susp_Ios_Shutdown
 * YARA Rule Set
 * Repository Name: DitekSHen
 * Repository: https://github.com/ditekshen/detection
- * Retrieval Date: 2024-05-05
+ * Retrieval Date: 2024-05-12
 * Git Commit: c37b067259715d4c93ac274a0830c54b355556a1
 * Number of Rules: 1419
 * Skipped: 0 (age), 119 (quality), 0 (score), 0 (importance)
@@ -248126,7 +249122,7 @@ rule DITEKSHEN_INDICATOR_TOOL_Sharpghosttask : FILE
 * YARA Rule Set
 * Repository Name: WithSecureLabs
 * Repository: https://github.com/WithSecureLabs/iocs
- * Retrieval Date: 2024-05-05
+ * Retrieval Date: 2024-05-12
 * Git Commit: 29adc4b6c2c2850f0f385aec77ab6fc0d7a8f20c
 * Number of Rules: 5
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -248381,7 +249377,7 @@ rule WITHSECURELABS_Kapeka_Backdoor : FILE
 * YARA Rule Set
 * Repository Name: HarfangLab
 * Repository: https://github.com/HarfangLab/iocs
- * Retrieval Date: 2024-05-05
+ * Retrieval Date: 2024-05-12
 * Git Commit: da0cd41db7e3ebcfc1c3fa94f28c665df02a24ca
 * Number of Rules: 10
 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -248716,7 +249712,7 @@ rule HARFANGLAB_Custom_Ateraagent_Operator : FILE
 * YARA Rule Set
 * Repository Name: Signature Base
 * Repository: https://github.com/Neo23x0/signature-base
- * Retrieval Date: 2024-05-05
+ * Retrieval Date: 2024-05-12
 * Git Commit: 007d9ddee386f68aca3a3aac5e1514782f02ed2d
 * Number of Rules: 4551
 * Skipped: 0 (age), 11 (quality), 4 (score), 0 (importance)
@@ -274403,7 +275399,7 @@ rule SIGNATURE_BASE_TA17_293A_Energetic_Bear_Api_Hashing_Tool : FILE
 description = "Energetic Bear API Hashing Tool"
 author = "CERT RE Team"
 id = "4e58800a-9618-5d8b-954c-e843be6002c2"
- date = "2024-02-05"
+ date = "2024-02-12"
 modified = "2023-12-05"
 reference = "https://github.com/Neo23x0/signature-base"
 source_url = "https://github.com/Neo23x0/signature-base/blob/007d9ddee386f68aca3a3aac5e1514782f02ed2d/yara/apt_ta17_293A.yar#L77-L93"
@@ -352676,7 +353672,7 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Nano : FILE
 hash = "28cfcfe28419a399c606bf96505bc68d6fe05624dba18306993f9fe0d398fbe1"
 logic_hash = "1b969e098a0b2c86ceba9cbb7f31770ba04f1a4c225716ea27d7e4e4177c90c4"
 score = 75
- quality = -367
+ quality = -417
 tags = "FILE"
 license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
 importance = 70
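Review bot: The SIGNATURE_BASE_WEBSHELL_ASP_Nano hunk lowers `quality` from `-367` to `-417` while the rule keeps `score = 75`, so a rule the generator rates this poorly still ships and still reports as a high-score hit. It presumably stays in the set because of `importance = 70` rather than on quality; confirm against the generator settings, which are outside this hunk. If the scanner maps `score` to alert severity, consider also reading `quality` and routing matches from rules with a negative value to a low-confidence queue, and re-check this rule's false-positive rate and scan-time cost on a clean corpus after the update. The rule body is outside the hunk, so the cause of the extra penalty cannot be seen here.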