From 4c17515f5367c7a23782838ffcee41816f2f3fa0 Mon Sep 17 00:00:00 2001 From: Update third-party rules <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 8 Jan 2025 00:24:29 +0000 Subject: [PATCH] Update third-party rules as of 2025-01-08 --- third_party/yara/YARAForge/RELEASE | 2 +- .../yara/YARAForge/yara-rules-full.yar | 965 +++++++++--------- 2 files changed, 496 insertions(+), 471 deletions(-) diff --git a/third_party/yara/YARAForge/RELEASE b/third_party/yara/YARAForge/RELEASE index 4f5a9843..224468db 100644 --- a/third_party/yara/YARAForge/RELEASE +++ b/third_party/yara/YARAForge/RELEASE @@ -1 +1 @@ -20241229 +20250105 diff --git a/third_party/yara/YARAForge/yara-rules-full.yar b/third_party/yara/YARAForge/yara-rules-full.yar index 14a82885..235f5168 100644 --- a/third_party/yara/YARAForge/yara-rules-full.yar +++ b/third_party/yara/YARAForge/yara-rules-full.yar @@ -12,15 +12,15 @@ * Force Exclude Importance Level: 0 * Minimum Age (in days): 0 * Minimum Score: 40 - * Creation Date: 2024-12-29 - * Number of Rules: 13071 + * Creation Date: 2025-01-05 + * Number of Rules: 13072 * Skipped: 0 (age), 226 (quality), 7 (score), 0 (importance) */ /* * YARA Rule Set * Repository Name: ReversingLabs * Repository: https://github.com/reversinglabs/reversinglabs-yara-rules/ - * Retrieval Date: 2024-12-29 + * Retrieval Date: 2025-01-05 * Git Commit: 9bcb61c86aa4583e393269828225349a81ea08a4 * Number of Rules: 1218 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) 
@@ -5964,8 +5964,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Oct : TC_DETECTION MALICIOUS MALWARE description = "Yara rule that detects Oct ransomware." author = "ReversingLabs" id = "e811a0ba-52df-5e88-ab71-df91d5cb584a" - date = "2024-10-29" - date = "2024-10-29" + date = "2025-10-05" + date = "2025-10-05" modified = "2021-08-12" reference = "ReversingLabs" source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/ByteCode.MSIL.Ransomware.Oct.yara#L1-L68" @@ -26936,8 +26936,8 @@ rule REVERSINGLABS_Win32_Ransomware_ONI : TC_DETECTION MALICIOUS MALWARE FILE description = "Yara rule that detects Oni ransomware." author = "ReversingLabs" id = "9190aee2-1119-546e-82ca-a7aba44a9d7f" - date = "2024-12-29" - date = "2024-12-29" + date = "2025-01-05" + date = "2025-01-05" modified = "2020-12-07" reference = "ReversingLabs" source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/ransomware/Win32.Ransomware.Oni.yara#L1-L82" @@ -57020,8 +57020,8 @@ rule REVERSINGLABS_Linux_Virus_Vit : TC_DETECTION MALICIOUS MALWARE FILE description = "Yara rule that detects Vit virus." author = "ReversingLabs" id = "4515fe43-4c5a-521d-82b7-273823f0c64e" - date = "2024-12-29" - date = "2024-12-29" + date = "2025-01-05" + date = "2025-01-05" modified = "2023-06-07" reference = "ReversingLabs" source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/9bcb61c86aa4583e393269828225349a81ea08a4/yara/virus/Linux.Virus.Vit.yara#L3-L36" 
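Review bot: The new `date = "2025-10-05"` in the first hunk (REVERSINGLABS_Bytecode_MSIL_Ransomware_Oct) is nine months after this commit's own date of 2025-01-08, while the other hunks on this line and the rest of the refresh move rules from 2024-12-29 to 2025-01-05, so this one value looks like a mis-applied rewrite of the old "2024-10-29" rather than a genuine upstream change and should be checked against the YARA Forge release before it is consumed. The ReversingLabs section still pins the same upstream commit 9bcb61c8 and only the date lines move, which suggests the `date` field tracks YARA Forge's retrieval date rather than the rule's authorship; a note in the rule-set header such as `/* NOTE: per-rule "date" values reflect YARA Forge retrieval, not upstream authoring; use source_url for provenance */` would keep downstream consumers from treating it as provenance. The duplicated `date` key is pre-existing and YARA accepts repeated meta identifiers, but tooling that exposes meta as a dictionary will keep only one of the two, so it is worth reporting to the upstream generator rather than patching the vendored file locally. The rule's definition begins and ends outside the hunk.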
@@ -57260,7 +57260,7 @@ rule REVERSINGLABS_Win32_Virus_Awfull : TC_DETECTION MALICIOUS MALWARE FILE * YARA Rule Set * Repository Name: Elastic * Repository: https://github.com/elastic/protections-artifacts/ - * Retrieval Date: 2024-12-29 + * Retrieval Date: 2025-01-05 * Git Commit: c6eb0081d3784ad249bb8c3aa419fbfe54263215 * Number of Rules: 1848 * Skipped: 0 (age), 7 (quality), 0 (score), 0 (importance) @@ -114424,7 +114424,7 @@ rule ELASTIC_Linux_Hacktool_Infectionmonkey_6C84537B : FILE MEMORY * YARA Rule Set * Repository Name: R3c0nst * Repository: https://github.com/fboldewin/YARA-rules/ - * Retrieval Date: 2024-12-29 + * Retrieval Date: 2025-01-05 * Git Commit: 54e9e6899b258b72074b2b4db6909257683240c2 * Number of Rules: 26 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -115189,8 +115189,8 @@ rule R3C0NST_ATM_Malware_Dispcashbr : FILE * YARA Rule Set * Repository Name: CAPE * Repository: https://github.com/kevoreilly/CAPEv2 - * Retrieval Date: 2024-12-29 - * Git Commit: 04d655d6aab3f877bf21ac5e8000d0d028a25553 + * Retrieval Date: 2025-01-05 + * Git Commit: bd1397b2e703b20766353d415d4d421a09e6bc6e * Number of Rules: 165 * Skipped: 0 (age), 14 (quality), 3 (score), 0 (importance) * @@ -115872,8 +115872,8 @@ rule CAPE_Themida : FILE date = "2024-09-11" modified = "2024-09-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/binaries/Themida.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/binaries/Themida.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "c4f1e01a3fe3cb66062ce03253bfe9edc09dc6f1a77db99b281106e8ceff9257" score = 75 quality = 70 
@@ -115895,8 +115895,8 @@ rule CAPE_Megacortex : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/MegaCortex.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/MegaCortex.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "5de1d8241260070241c91b97f18feb2a90069e3b158e863e2d9f568799c244e6" score = 75 quality = 70 @@ -115920,8 +115920,8 @@ rule CAPE_Sedreco : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Sedreco.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Sedreco.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "f735549606917f59a19157e604e54766e4456bc5d46e94cae3e0a3c18b52a7ca" score = 75 quality = 70 
@@ -115945,8 +115945,8 @@ rule CAPE_Kronos : FILE date = "2020-07-02" modified = "2020-07-02" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Kronos.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Kronos.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "52ce9caf3627efe8ae86df6ca59e51e9f738e13ac0265f797e8d70123dbcaeb3" score = 75 quality = 70 @@ -115971,8 +115971,8 @@ rule CAPE_Varenyky : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Varenyky.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Varenyky.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "602f1b8b60b29565eabe2171fde4eb58546af68f8acecad402a7a51ea9a08ed9" score = 75 quality = 70 
@@ -115994,8 +115994,8 @@ rule CAPE_Amadey : FILE date = "2023-09-04" modified = "2023-09-04" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Amadey.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Amadey.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" hash = "988258716d5296c1323303e8fe4efd7f4642c87bfdbe970fe9a3bb3f410f70a4" logic_hash = "38f710b422a3644c9f0f3e80ad9ff28ef02050368c651a6cc2ce8b152b67bf48" score = 75 @@ -116020,8 +116020,8 @@ rule CAPE_Rokrat : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/RokRat.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/RokRat.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "2aaa7de7ccd59e0da690f4bc0c7deaacf61314d61f8d2aa3ce6f6892f50612ec" score = 75 quality = 70 
@@ -116044,8 +116044,8 @@ rule CAPE_Eternalromance : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/EternalRomance.yar#L1-L33" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/EternalRomance.yar#L1-L33" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "5390fae3e2411a715cdc965df8648c0c4c511d53d5f76031714f1b784b58eb0d" score = 75 quality = 68 @@ -116089,8 +116089,8 @@ rule CAPE_Vidar : FILE date = "2023-04-21" modified = "2023-04-21" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Vidar.yar#L1-L22" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Vidar.yar#L1-L22" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "5d4c030536ed41cf4e0dcb77b2fe4553d789ee2b8095a4b3e050692335a8709d" score = 75 quality = 70 
@@ -116123,8 +116123,8 @@ rule CAPE_Zeuspanda : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/ZeusPanda.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/ZeusPanda.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "43d8a56cae9fd23c053f6956851734d3270b46a906236854502c136e3bb1e761" score = 75 quality = 70 @@ -116147,8 +116147,8 @@ rule CAPE_Nettraveler : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/NetTraveler.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/NetTraveler.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "bf5026f1a1cb3d6986a29d22657a9f1904b362391a6715d7468f8f8aca351233" score = 75 quality = 70 
@@ -116172,8 +116172,8 @@ rule CAPE_Buerloader : FILE date = "2022-05-31" modified = "2022-05-31" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/BuerLoader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/BuerLoader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "05c1f008f0a2bb8232867977fb23a5ae8312f10f0637c6265561052596319c29" score = 75 quality = 70 @@ -116197,8 +116197,8 @@ rule CAPE_Petya : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Petya.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Petya.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "f819261bb34f3b2eb7dc2f843b56be25105570fe902a77940a632a54fbe0d014" score = 75 quality = 70 
@@ -116222,8 +116222,8 @@ rule CAPE_Oyster date = "2024-05-30" modified = "2024-05-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Oyster.yar#L1-L19" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Oyster.yar#L1-L19" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" hash = "8bae0fa9f589cd434a689eebd7a1fde949cc09e6a65e1b56bb620998246a1650" logic_hash = "23ab1518712dbce8319b87785d7ffc0c2b61de82c2bbf533ebf0aae39ec33540" score = 75 @@ -116253,8 +116253,8 @@ rule CAPE_Zerot : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/ZeroT.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/ZeroT.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "f60ae25ac3cd741b8bdc5100b5d3c474b5d9fbe8be88bfd184994bae106c3803" score = 75 quality = 68 
@@ -116280,8 +116280,8 @@ rule CAPE_Quasarrat : FILE date = "2024-10-09" modified = "2024-10-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/QuasarRAT.yar#L1-L22" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/QuasarRAT.yar#L1-L22" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "556b19dc0980761198ea31a285f281adae084463d24bff1eda15326436ad562b" score = 75 quality = 70 @@ -116315,8 +116315,8 @@ rule CAPE_Quasarrat_Kingrat date = "2024-10-09" modified = "2024-10-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/QuasarRAT.yar#L24-L43" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/QuasarRAT.yar#L24-L43" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "1f4296a592134edbe52e256dc353143af02e897ff1afad98f3dac0c5ab13f3f7" score = 75 quality = 70 
@@ -116348,8 +116348,8 @@ rule CAPE_Ursnif : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Ursnif.yar#L1-L19" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Ursnif.yar#L1-L19" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "46e79fde81ff5352314618021e394b2e0322df07170c7279363290b7134935fd" score = 75 quality = 70 @@ -116378,8 +116378,8 @@ rule CAPE_Tscookie : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/TSCookie.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/TSCookie.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "0461c7fd14c74646437654f0a63a4a89d4efad620e197a8ca1e8d390618842c3" score = 75 quality = 70 
@@ -116403,8 +116403,8 @@ rule CAPE_Dridexv4 : FILE date = "2022-05-31" modified = "2022-05-31" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/DridexV4.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/DridexV4.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "cb103fe5f2d4792e3c612db4e2d84a4c8b0ce0f9a8443e9147e2c345f1dbdff6" score = 75 quality = 70 @@ -116430,8 +116430,8 @@ rule CAPE_Seduploader : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Seduploader.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Seduploader.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "d70c886699169d4dafc5b063c93682a34af5667df6d293b52256ddc19ab9c516" score = 75 quality = 70 
@@ -116453,8 +116453,8 @@ rule CAPE_Wanacry : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/WanaCry.yar#L1-L16" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/WanaCry.yar#L1-L16" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "16d5e39f043d27bbf22f8f21e13971b7e0709b07e44746dd157d11ee4cc51944" score = 75 quality = 70 @@ -116480,8 +116480,8 @@ rule CAPE_Bazar : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Bazar.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Bazar.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "9375f59b56e47fd0b90b089afdf3be8f16f960038fc625523a2e2d5509ab099d" score = 75 quality = 70 
@@ -116504,8 +116504,8 @@ rule CAPE_Remcos : FILE date = "2022-05-10" modified = "2022-05-10" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Remcos.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Remcos.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "38142e784ad437d9592353b924f74777bb62e5ed176c811230a2021a437d4710" score = 75 quality = 68 @@ -116530,8 +116530,8 @@ rule CAPE_Cerber : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Cerber.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Cerber.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "16a8f808c28d3b142c079a305aba7f553f2452e439710bf610a06f8f2924d5a3" score = 75 quality = 70 
@@ -116555,8 +116555,8 @@ rule CAPE_Nighthawk date = "2022-12-05" modified = "2022-12-05" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Nighthawk.yar#L3-L24" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Nighthawk.yar#L3-L24" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "2d77912678e06503ffef0e8ed84aa4f9ac74357480d57742fbae619acebfb5f2" score = 75 quality = 70 @@ -116580,8 +116580,8 @@ rule CAPE_Qakbot5 : FILE date = "2024-04-28" modified = "2024-04-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/QakBot.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/QakBot.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" hash = "59559e97962e40a15adb2237c4d01cfead03623aff1725616caeaa5a8d273a35" logic_hash = "cc23a92f45619d44af824128b743c259dd9dfa7cb5106932f3425f3dfd1dccdf" score = 75 
@@ -116607,8 +116607,8 @@ rule CAPE_Qakbot4 : FILE date = "2024-04-28" modified = "2024-04-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/QakBot.yar#L17-L35" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/QakBot.yar#L17-L35" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "b2870e33abffbb3ff49b7891b0f5c538ab48ee63da5553929d4e37dec921344f" score = 75 quality = 70 @@ -116638,8 +116638,8 @@ rule CAPE_Rozena date = "2024-03-15" modified = "2024-03-15" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Rozena.yar#L1-L10" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Rozena.yar#L1-L10" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "c415a8108b58a125a604031bb8d73b58a8aae5429b5b765e35fa8a4add9cd135" score = 75 quality = 70 
@@ -116662,8 +116662,8 @@ rule CAPE_Zloader : FILE date = "2024-05-06" modified = "2024-05-06" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Zloader.yar#L1-L18" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Zloader.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" hash = "adbd0c7096a7373be82dd03df1aae61cb39e0a155c00bbb9c67abc01d48718aa" logic_hash = "a94efd87c69146cf5771341974e5abe789445d67dde3e045e1b87d3131539ff9" score = 75 @@ -116692,8 +116692,8 @@ rule CAPE_Doomedloader : FILE date = "2024-05-09" modified = "2024-05-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/DoomedLoader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/DoomedLoader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "54a5962ef49ebf987908c4ea1559788f7c96a7e4ea61d2973636e998a0239c77" score = 75 quality = 70 
@@ -116717,8 +116717,8 @@ rule CAPE_Icedid date = "2021-12-16" modified = "2021-12-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/IcedID.yar#L1-L18" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/IcedID.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "e60ccbab7a360020744eba65961156ca3e2ae9cf23671014f913d71c1a96a331" score = 75 quality = 45 @@ -116747,8 +116747,8 @@ rule CAPE_Gandcrab : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Gandcrab.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Gandcrab.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "354ed566dbafbe8e9531bb771d9846952eb8c0e70ee94c26d09368159ce4142c" score = 75 quality = 70 
@@ -116773,8 +116773,8 @@ rule CAPE_Rcsession date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/RCSession.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/RCSession.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "ebd1e9e615a91c35b36332cad55519607323469df738cec4464288b45787630d" score = 75 quality = 70 @@ -116797,8 +116797,8 @@ rule CAPE_Ursnifv3 : FILE date = "2023-03-23" modified = "2023-03-23" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/UrsnifV3.yar#L1-L18" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/UrsnifV3.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "501cd52388aba16f9d33b4555f310e1ad58326916b15358a485c701acb87abd8" score = 75 quality = 70 
@@ -116827,8 +116827,8 @@ rule CAPE_Formbook date = "2023-10-13" modified = "2023-10-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Formbook.yar#L1-L18" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Formbook.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "63ee4dd6fe5ed2a3e5ee88ba7de48d2c9e0024961a550d0fdb68891c9885e05e" score = 75 quality = 70 @@ -116857,8 +116857,8 @@ rule CAPE_Hermes : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Hermes.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Hermes.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "9bc974173f39a57e7adfbf8ae106a20d960557696b4c3ce16e9b4e47d3e9e95b" score = 75 quality = 70 
@@ -116882,8 +116882,8 @@ rule CAPE_Dcrat : FILE date = "2024-10-09" modified = "2024-10-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/DCRat.yar#L1-L66" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/DCRat.yar#L1-L66" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "5a02dcc2b9c7eb3efdba39047e37886240b45fb7e2db3b82aa5b4b9526dfb7f8" score = 75 quality = 45 @@ -116956,8 +116956,8 @@ rule CAPE_Dcrat_Kingrat date = "2024-10-09" modified = "2024-10-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/DCRat.yar#L68-L87" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/DCRat.yar#L68-L87" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE" logic_hash = "73ac27c3f0fc71d053e89690b5a7d29c1f8b0ea0a22e8595148a9001799fae54" score = 75 quality = 62 
@@ -116989,8 +116989,8 @@ rule CAPE_Kpot : FILE
 date = "2020-10-19"
 modified = "2020-10-19"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Kpot.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Kpot.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "75abaab9a10e8ac8808425c389238285ab9bd9cb76f0cd03cc1e35b3ea0a1b0f"
 score = 75
 quality = 70
@@ -117014,8 +117014,8 @@ rule CAPE_Emotetloader : FILE
 date = "2022-05-31"
 modified = "2022-05-31"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/EmotetLoader.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/EmotetLoader.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "410872d25ed3a89a2cba108f952d606cd1c3bf9ccc89ae6ab3377b83665c2773"
 score = 75
 quality = 70
@@ -117037,8 +117037,8 @@ rule CAPE_Gootkit : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Gootkit.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Gootkit.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "26704b6b0adca51933fc9d5e097930320768fd0e9355dcefc725aee7775316e7"
 score = 75
 quality = 70
@@ -117060,8 +117060,8 @@ rule CAPE_Kovter : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Kovter.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Kovter.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "888fccb8fbfbe6c05ec63bc5658b4743f8e10a96ef51b3868c2ff94afec76f2d"
 score = 75
 quality = 70
@@ -117086,8 +117086,8 @@ rule CAPE_Pikabotloader : FILE
 date = "2024-03-13"
 modified = "2024-03-13"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/PikaBot.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/PikaBot.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "7e5f1f2911545ee6bd36b54f2627fbdec1b957f4b91df901dd1c6cbd4dff0231"
 score = 75
 quality = 70
@@ -117111,8 +117111,8 @@ rule CAPE_Pikabot : FILE
 date = "2024-03-13"
 modified = "2024-03-13"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/PikaBot.yar#L15-L28"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/PikaBot.yar#L15-L28"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "ed07217c373831a9a67d914854154988696e6fcea70dedabf333385f0e7bb8b7"
 score = 75
 quality = 70
@@ -117137,8 +117137,8 @@ rule CAPE_Pik23 : FILE
 date = "2024-03-13"
 modified = "2024-03-13"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/PikaBot.yar#L30-L44"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/PikaBot.yar#L30-L44"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "59f42ecde152f78731e54ea27e761bba748c9309a6ad1c2fd17f0e8b90f8aed1"
 logic_hash = "71a71df2f2a075294941c54eed06cafaaa4d3294e45b3a0098c1cffddd0438bc"
 score = 75
@@ -117164,8 +117164,8 @@ rule CAPE_Hancitor : FILE
 date = "2020-10-20"
 modified = "2020-10-20"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Hancitor.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Hancitor.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "84003542a2f587b5fbd43731c4240759806f8ee46df2bd96aae4a3c09d97e41c"
 score = 75
 quality = 70
@@ -117190,8 +117190,8 @@ rule CAPE_Bruteratel
 date = "2024-07-11"
 modified = "2024-07-11"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/BruteRatel.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/BruteRatel.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "0984977c716d6f8e068c045166eb5db77c9fbce27513e555dceca348375f1a66"
 score = 75
 quality = 70
@@ -117216,8 +117216,8 @@ rule CAPE_Lokibot : FILE
 date = "2022-02-01"
 modified = "2022-02-01"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/LokiBot.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/LokiBot.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "a5b3d518371138740e913d2d6ce4fa22d3da5cea7e034c7d6b4b502e6bf44b06"
 score = 75
 quality = 70
@@ -117240,8 +117240,8 @@ rule CAPE_Tclient : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/TClient.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/TClient.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "6edcd01e4722b367723ed77d9596877d16ee35dc4c160885d125f83e45cee24d"
 score = 75
 quality = 70
@@ -117263,8 +117263,8 @@ rule CAPE_Rhadamanthys
 date = "2023-09-18"
 modified = "2023-09-18"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Rhadamanthys.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Rhadamanthys.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "f71bee3ef1dd7b16a55397645d16c0a20d1fdd3bf662f241c0b11796629b11ff"
 score = 75
 quality = 70
@@ -117289,8 +117289,8 @@ rule CAPE_Mole : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Mole.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Mole.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "8be4d190d554a610360c0e04b33da59eb00319395e5b2000d580546ce6503786"
 score = 75
 quality = 70
@@ -117314,8 +117314,8 @@ rule CAPE_Magniber : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Magniber.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Magniber.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "1875754bdf98c1886f31f6c6e29992a98180f74d8fa168ae391e2c660d760618"
 score = 75
 quality = 70
@@ -117337,8 +117337,8 @@ rule CAPE_Nanolocker : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/NanoLocker.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/NanoLocker.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "fe6c8a4e259c3c526f8f50771251f6762b2b92a4df2e8bfc705f282489f757db"
 score = 75
 quality = 70
@@ -117362,8 +117362,8 @@ rule CAPE_Squirrelwaffle : FILE
 date = "2021-10-13"
 modified = "2021-10-13"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/SquirrelWaffle.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/SquirrelWaffle.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "5f799333398421d537ec7a87ca94f6cc9cf1e53e55b353036a5132440990e500"
 score = 75
 quality = 70
@@ -117386,8 +117386,8 @@ rule CAPE_Doppelpaymer : FILE
 date = "2022-06-27"
 modified = "2022-06-27"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/DoppelPaymer.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/DoppelPaymer.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "73a2575671bafc31a70af3ce072d6f94ae172b12202baebba586a02524cb6f9d"
 score = 75
 quality = 70
@@ -117410,8 +117410,8 @@ rule CAPE_Ramnit : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Ramnit.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Ramnit.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "6f661f47bdf8377b0fb96f190fcb964c0ed2b43ce7ae7880f9dfce9e43837efd"
 score = 75
 quality = 70
@@ -117435,8 +117435,8 @@ rule CAPE_Agent_Tesla
 date = "2024-03-22"
 modified = "2024-03-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/AgentTesla.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/AgentTesla.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "3945754129dcc58e0abfd7485f5ff0c0afdd1078ae2cf164ca8f59a6f79db1be"
 score = 75
 quality = 70
@@ -117462,8 +117462,8 @@ rule CAPE_Agenttesla : FILE
 date = "2024-03-22"
 modified = "2024-03-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/AgentTesla.yar#L19-L41"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/AgentTesla.yar#L19-L41"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "1bf9b26c4cf87e674ddffabe40aba5a45499c6a04d4ff3e43c3cda4cbcb4d188"
 score = 75
 quality = 70
@@ -117495,8 +117495,8 @@ rule CAPE_Agentteslav2 : FILE
 date = "2024-03-22"
 modified = "2024-03-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/AgentTesla.yar#L43-L67"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/AgentTesla.yar#L43-L67"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "b45296b3b94fa1ff32de48c94329a17402461fb6696e9390565c4dba9738ed78"
 score = 75
 quality = 70
@@ -117532,8 +117532,8 @@ rule CAPE_Agentteslav3 : FILE
 date = "2024-03-22"
 modified = "2024-03-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/AgentTesla.yar#L69-L111"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/AgentTesla.yar#L69-L111"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "26c4fa0ce8de6982eb599f3872e8ab2a6e83da4741db7f3500c94e0a8fe5d459"
 score = 75
 quality = 68
@@ -117586,8 +117586,8 @@ rule CAPE_Agentteslaxor : FILE
 date = "2024-03-22"
 modified = "2024-03-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/AgentTesla.yar#L113-L123"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/AgentTesla.yar#L113-L123"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "54581e83e5fa13fae4bda74016b3fa1d18c92e2659f493ebe54d70fd5f77bba5"
 score = 75
 quality = 20
@@ -117609,8 +117609,8 @@ rule CAPE_Agentteslav4 : FILE
 date = "2024-03-22"
 modified = "2024-03-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/AgentTesla.yar#L125-L138"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/AgentTesla.yar#L125-L138"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "0a39036f408728ab312a54ff3354453d171424f57f9a8f3b42af867be3037ca9"
 score = 75
 quality = 70
@@ -117635,8 +117635,8 @@ rule CAPE_Agentteslav4Jit
 date = "2024-03-22"
 modified = "2024-03-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/AgentTesla.yar#L140-L153"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/AgentTesla.yar#L140-L153"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "8f7144d2a989ce8d291af926b292f5f0f7772e707b0e49797eba13ecf91b90bc"
 score = 75
 quality = 70
@@ -117661,8 +117661,8 @@ rule CAPE_Asyncrat : FILE
 date = "2024-10-09"
 modified = "2024-10-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/AsyncRAT.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/AsyncRAT.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "8f960131bb86e1c09127324bd5877364ab25e0cb37f5f9755230c7fed9094de3"
 score = 75
 quality = 66
@@ -117690,8 +117690,8 @@ rule CAPE_Asyncrat_Kingrat
 date = "2024-10-09"
 modified = "2024-10-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/AsyncRAT.yar#L19-L40"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/AsyncRAT.yar#L19-L40"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "2699ef93ae10b205b79025098afc1d1cfe7dbdf192f4d98a6e34a8f3de154810"
 score = 75
 quality = 62
@@ -117724,8 +117724,8 @@ rule CAPE_Locky : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Locky.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Locky.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "9786c54a2644d9581fefe64be11b26e22806398e54e961fa4f19d26eae039cd7"
 score = 75
 quality = 70
@@ -117749,8 +117749,8 @@ rule CAPE_Cryptoshield : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Cryptoshield.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Cryptoshield.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "46064b4c69cb1af01330c5d194ef50728e0f0479e9fbf72828822935f8e37ac6"
 score = 75
 quality = 70
@@ -117774,8 +117774,8 @@ rule CAPE_Darkgate
 date = "2024-02-26"
 modified = "2024-02-26"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/DarkGate.yar#L1-L16"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/DarkGate.yar#L1-L16"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "25c0e77a83676c6a18445f8df0b1f7a9148de5f64eeb532f9a4f4d4652dd8191"
 score = 75
 quality = 70
@@ -117802,8 +117802,8 @@ rule CAPE_Carbanak : FILE
 date = "2024-03-18"
 modified = "2024-03-18"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Carbanak.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Carbanak.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "c9c1b06cb9c9bd6fc4451f5e2847a1f9524bb2870d7bb6f0ee09b9dd4e3e4c84"
 logic_hash = "8ed5ab07f1635dc7cdf296e86a71a0a99d0b2faef8fc460f43d426b24b8c8367"
 score = 75
@@ -117828,8 +117828,8 @@ rule CAPE_Blister : FILE
 date = "2023-09-20"
 modified = "2023-09-20"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Blister.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Blister.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2"
 hash = "d3eab2a134e7bd3f2e8767a6285b38d19cd3df421e8af336a7852b74f194802c"
 logic_hash = "f26d85fdf0eb07e67fe38c43c5f6d024bfb7b2a333cb3411f5cdcff6bf5db12d"
@@ -117857,8 +117857,8 @@ rule CAPE_Jaff : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Jaff.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Jaff.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "6806a5eeee04b7436ff694addc334bfc0f1ee611116904d57be9506acfd47418"
 score = 75
 quality = 70
@@ -117883,8 +117883,8 @@ rule CAPE_Ryuk : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Ryuk.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Ryuk.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "b4463993d8956e402b927a3dcfa2ca9693a959908187f720372f2d3a40e6db0c"
 score = 75
 quality = 70
@@ -117909,8 +117909,8 @@ rule CAPE_Smokeloader
 date = "2024-11-12"
 modified = "2024-11-12"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/SmokeLoader.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/SmokeLoader.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "779e2ac213e5ced7bc06e6208826b65cf8fc3113a69ede6408b84055542fa76d"
 score = 75
 quality = 70
@@ -117935,8 +117935,8 @@ rule CAPE_Xworm : FILE
 date = "2024-10-09"
 modified = "2024-10-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/XWorm.yar#L1-L27"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/XWorm.yar#L1-L27"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "5a86c2f0a188135e53d86c176806a208abbe3dd830bde364016859ffa5294bd7"
 score = 75
 quality = 68
@@ -117975,8 +117975,8 @@ rule CAPE_Xworm_Kingrat
 date = "2024-10-09"
 modified = "2024-10-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/XWorm.yar#L29-L46"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/XWorm.yar#L29-L46"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "3914be652bb7271e5e6b89d05edf10a54f8ddaf9e22d194b60501aa2cdd495d3"
 score = 75
 quality = 66
@@ -118007,8 +118007,8 @@ rule CAPE_Stealc : FILE
 date = "2024-09-10"
 modified = "2024-09-10"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Stealc.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Stealc.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "77d6f1914af6caf909fa2a246fcec05f500f79dd56e5d0d466d55924695c702d"
 logic_hash = "a6165168b7c74761b91d1691465688c748227b830813067edb4e9bdc934271c4"
 score = 75
@@ -118032,8 +118032,8 @@ rule CAPE_Blackdropper
 date = "2024-10-22"
 modified = "2024-10-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/BlackDropper.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/BlackDropper.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "f8026ae3237bdd885e5fcaceb86bcab4087d8857e50ba472ca79ce44c12bc257"
 logic_hash = "c7f7bc740d413b479ebe45611ddfc04f7e4f2978516b2882069b2569c7acdf28"
 score = 75
@@ -118061,8 +118061,8 @@ rule CAPE_Cobaltstrikestager
 date = "2023-01-18"
 modified = "2023-01-18"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/CobaltStrikeStager.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/CobaltStrikeStager.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "6a55b0c3ab5f557dfb7a3f8bd616ede1bd9b93198590fc9d52aa19c1154388c5"
 score = 75
 quality = 70
@@ -118087,8 +118087,8 @@ rule CAPE_Atlas : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Atlas.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Atlas.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "c3f73b29df5caf804dbfe3e6ac07a9e2c772bd2a126f0487e4a65e72bd501e6e"
 score = 75
 quality = 70
@@ -118112,8 +118112,8 @@ rule CAPE_Latrodectus
 date = "2024-09-03"
 modified = "2024-09-03"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Latrodectus.yar#L1-L16"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Latrodectus.yar#L1-L16"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "a547cff9991a713535e5c128a0711ca68acf9298cc2220c4ea0685d580f36811"
 logic_hash = "2f98d570bf9a490eecd2807599b93023ccacab86f3b7674f0118bbebd4dd2776"
 score = 75
@@ -118140,8 +118140,8 @@ rule CAPE_Latrodectus_AES
 date = "2024-09-03"
 modified = "2024-09-03"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Latrodectus.yar#L18-L34"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Latrodectus.yar#L18-L34"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "5cecb26a3f33c24b92a0c8f6f5175da0664b21d7c4216a41694e4a4cad233ca8"
 logic_hash = "1f00f6f187f15d39a30e15ffd14dae07707141999271ad4ac6a75ff4d93dd54d"
 score = 75
@@ -118169,8 +118169,8 @@ rule CAPE_Codoso : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Codoso.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Codoso.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "32c9ed2ac29e8905266977a9ee573a252442d96fb9ec97d88642180deceec3f8"
 score = 75
 quality = 70
@@ -118194,8 +118194,8 @@ rule CAPE_Xenorat
 date = "2024-10-09"
 modified = "2024-10-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/XenoRAT.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/XenoRAT.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "26f520fb69a52d05786fac0e9e38f5db9601da0a3e7768e00975a9684f3560ef"
 score = 75
 quality = 66
@@ -118222,8 +118222,8 @@ rule CAPE_Arkei : FILE
 date = "2020-02-11"
 modified = "2020-02-11"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Arkei.yar#L1-L24"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Arkei.yar#L1-L24"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "03980827db1c53d4090ab196ba820ca34b5d83dc7140b11ead9182cb5d28c7d3"
 score = 75
 quality = 70
@@ -118257,8 +118257,8 @@ rule CAPE_Scarab : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Scarab.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Scarab.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "0d8fa7ab4c8e5699f17f9e9444e85a42563a840a8e7ee9eda54add3a6845d1c6"
 score = 75
 quality = 70
@@ -118282,8 +118282,8 @@ rule CAPE_Azorult : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Azorult.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Azorult.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "4691cf48d513d1965416b0cce1b6e19c8f7b393a940afd68b7c6ca8c0d125d90"
 score = 75
 quality = 70
@@ -118306,8 +118306,8 @@ rule CAPE_Bumblebee : FILE
 date = "2024-10-29"
 modified = "2024-10-29"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/BumbleBee.yar#L35-L50"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/BumbleBee.yar#L35-L50"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "bc7c2ce9d3cd598c9510dc64d78048999f2f89ee5a84cd0d6046dbdfabe260ee"
 score = 75
 quality = 70
@@ -118334,8 +118334,8 @@ rule CAPE_Bumblebee2024
 date = "2024-10-29"
 modified = "2024-10-29"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/BumbleBee.yar#L52-L68"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/BumbleBee.yar#L52-L68"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "db58272c1ba74bc6e6a90bdacf7e8feec94be5da2b5123e0475ce86448f3edb2"
 score = 75
 quality = 70
@@ -118363,8 +118363,8 @@ rule CAPE_Nitrogenloader
 date = "2024-12-02"
 modified = "2024-12-02"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/NitrogenLoader.yar#L1-L23"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/NitrogenLoader.yar#L1-L23"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "24117d6e04bc964c17c08c9918502410890d7ccdc2e9971f2d01f6f0b41d3836"
 score = 75
 quality = 70
@@ -118398,8 +118398,8 @@ rule CAPE_Badrabbit : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/BadRabbit.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/BadRabbit.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "309e14ab4ea2f919358631f9d8b2aaff1f51e7708b6114e4e6bf4a9d9a5fc86c"
 score = 75
 quality = 70
@@ -118423,8 +118423,8 @@ rule CAPE_Dreambot : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Dreambot.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Dreambot.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "29c6d648d5d38667c5824c2d20a83a20448c2ae6054ddddb2b2b7f8bdb69f74b"
 score = 75
 quality = 70
@@ -118449,8 +118449,8 @@ rule CAPE_Fareit : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Fareit.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Fareit.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "ed35391ffc949219f380da3f22bc8397a7d5c742bd68e227c3becdebcab5cf83"
 score = 75
 quality = 70
@@ -118472,8 +118472,8 @@ rule CAPE_Masslogger : FILE
 date = "2020-11-24"
 modified = "2020-11-24"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/MassLogger.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/MassLogger.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "c8d82694810aafbdc6a35a661e7431e9536035e2f7fef90b9359064c4209b66c"
 score = 75
 quality = 70
@@ -118496,8 +118496,8 @@ rule CAPE_Lumma : FILE
 date = "2024-10-22"
 modified = "2024-10-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Lumma.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Lumma.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "44408ffa7870dbc1a8a31567dd743f46542da01ed8083e5413392920b9d1bafe"
 score = 75
 quality = 70
@@ -118523,8 +118523,8 @@ rule CAPE_Lockbit : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Lockbit.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Lockbit.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "80ab705c8246a0bd5b3de65146cf32b102f39bf9444bdf1d366b5a794c1229b9"
 score = 75
 quality = 70
@@ -118550,8 +118550,8 @@ rule CAPE_Aurorastealer : FILE
 date = "2022-12-14"
 modified = "2023-03-31"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/AuroraStealer.yar#L1-L74"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/AuroraStealer.yar#L1-L74"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "0d10e9268184f494a73d5b4ab0d9a478ad0c26d2ef13d5134f8c9769f028b8f5"
 score = 75
 quality = 45
@@ -118630,8 +118630,8 @@ rule CAPE_Koiloader
 date = "2024-10-25"
 modified = "2024-10-25"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/KoiLoader.yar#L1-L35"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/KoiLoader.yar#L1-L35"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "b462e3235c7578450b2b56a8aff875a3d99d22f6970a01db3ba98f7ecb6b01a0"
 logic_hash = "264a536632f8f11c904b00c9d2e505b3263c733ad8fbc2ef19c25a5ad58cef90"
 score = 75
@@ -118675,8 +118675,8 @@ rule CAPE_Cargobayloader : FILE
 date = "2023-02-20"
 modified = "2023-02-20"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/CargoBayLoader.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/CargoBayLoader.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "75e975031371741498c5ba310882258c23b39310bd258239277708382bdbee9c"
 logic_hash = "1d5c4ca79f97e1fac358189a8c6530be12506974fc2fb42f63b0b621536a45c9"
 score = 75
@@ -118700,8 +118700,8 @@ rule CAPE_Socks5Systemz : FILE
 date = "2024-05-22"
 modified = "2024-05-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Socks5Systemz.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Socks5Systemz.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "44b83b6d2ab39b4258ae0d97d00d02afdbb62a3973fd788584e4dea9db69cc1b"
 score = 75
 quality = 70
@@ -118730,8 +118730,8 @@ rule CAPE_Conti : FILE
 date = "2021-03-15"
 modified = "2021-03-15"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Conti.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Conti.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "c9842f93d012d0189b9c6f10ad558b37ae66226bbb619ad677f6906ccaf0e848"
 score = 75
 quality = 70
@@ -118755,8 +118755,8 @@ rule CAPE_Petrwrap : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/PetrWrap.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/PetrWrap.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "6dd1cf5639b63d0ab41b24080dad68d285f2e3969ad34fd724c83e7a0dd4b968"
 score = 75
 quality = 70
@@ -118781,8 +118781,8 @@ rule CAPE_Bitpaymer : FILE
 date = "2019-11-27"
 modified = "2019-11-27"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/BitPaymer.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/BitPaymer.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "6ae0dc9a36da13e483d8d653276b06f59ecc15c95c754c268dcc91b181677c4c"
 score = 75
 quality = 70
@@ -118805,8 +118805,8 @@ rule CAPE_Azer : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Azer.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Azer.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "48bd4a4e071f10d1911c4173a0cd39c69fed7a3b29eb92beffe709899f4cefa5"
 score = 75
 quality = 70
@@ -118830,8 +118830,8 @@ rule CAPE_Nemty : FILE
 date = "2020-04-03"
 modified = "2020-04-03"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/Nemty.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/Nemty.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "a05974b561c67b4f1e0812639b74831edcf65686a06c0d380f0b45739e342419"
 score = 75
 quality = 70
@@ -118855,8 +118855,8 @@ rule CAPE_Trickbot
 date = "2023-02-07"
 modified = "2023-02-07"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/TrickBot.yar#L1-L20"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/TrickBot.yar#L1-L20"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "47cc2070b43957601a72745329a9d14fb3fbfd4d2b31cacc35d4ac750dde31ea"
 score = 75
 quality = 70
@@ -118887,8 +118887,8 @@ rule CAPE_Trickbot_Permadll_UEFI_Module
 date = "2023-02-07"
 modified = "2023-02-07"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/TrickBot.yar#L22-L38"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/TrickBot.yar#L22-L38"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "491115422a6b94dc952982e6914adc39"
 logic_hash = "564055f56fd19bed8900e6d451ba050b4e9013a9208a3bdc3d3d563567d225d2"
 score = 75
@@ -118916,8 +118916,8 @@ rule CAPE_Dridexloader : FILE
 date = "2021-03-10"
 modified = "2021-03-10"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/data/yara/CAPE/DridexLoader.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/data/yara/CAPE/DridexLoader.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "20696b1f14539c8ecf21bffc696596040c20b1ee2fcedc173945482c0baca588"
 score = 75
 quality = 70
@@ -118944,8 +118944,8 @@ rule CAPE_Singlestepantihook
 date = "2021-08-26"
 modified = "2021-08-26"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/SingleStepAntiHook.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/SingleStepAntiHook.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "fc9f36b0ecc13192fe8b6caaff256ac52c1f14480223d629a38ba84e90dd0809"
 score = 75
 quality = 70
@@ -118967,8 +118967,8 @@ rule CAPE_Heavenssyscall : FILE
 date = "2024-03-25"
 modified = "2024-03-25"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/HeavensSyscall.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/HeavensSyscall.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "aeb981fcba0936ff8b1be4c601445fd45e5d3b74856a9439d351edd57f5a50c3"
 score = 75
 quality = 70
@@ -118992,8 +118992,8 @@ rule CAPE_Gettickcountantivm
 date = "2022-02-25"
 modified = "2022-02-25"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/GetTickCountAntiVM.yar#L1-L20"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/GetTickCountAntiVM.yar#L1-L20"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "662bc7839ed7ddd82d5fdafa29fafd9a9ec299c28820fe4104fbba9be1a09c42"
 hash = "00f1537b13933762e1146e41f3bac668123fac7eacd0aa1f7be0aa37a91ef3ce"
 hash = "549bca48d0bac94b6a1e6eb36647cd007fed5c0e75a0e4aa315ceabdafe46541"
@@ -119024,8 +119024,8 @@ rule CAPE_Buerloader_1 : FILE
 date = "2021-03-13"
 modified = "2021-03-13"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/BuerLoader.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/BuerLoader.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "6f9f9b4c01251c0643c61701084cca2bdfeea08ca95f982355565cf05483d940"
 score = 75
 quality = 70
@@ -119047,8 +119047,8 @@ rule CAPE_Modiloader : FILE
 date = "2023-10-19"
 modified = "2023-10-19"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/ModiLoader.yar#L1-L39"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/ModiLoader.yar#L1-L39"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "fc006377e6d41515503b0b234ff87f59d930a7d9f8b32d2e072de79b9c52ddc4"
 score = 75
 quality = 66
@@ -119092,8 +119092,8 @@ rule CAPE_Risepro : FILE
 date = "2023-12-16"
 modified = "2023-12-16"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/RisePro.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/RisePro.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "1b69a1dd5961241b926605f0a015fa17149c3b2759fb077a30a22d4ddcc273f6"
 logic_hash = "055ca8328923b91f93c116e4a856366356fa11155f4e9fde95da31129b51386a"
 score = 75
@@ -119118,8 +119118,8 @@ rule CAPE_Privateloader
 date = "2024-10-04"
 modified = "2024-10-04"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/PrivateLoader.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/PrivateLoader.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "204a86bb3743f19fed0fe55ff5ccd716661f7f315b5966a29e434ccb3e160526"
 score = 75
 quality = 70
@@ -119142,8 +119142,8 @@ rule CAPE_Qakbot5_1 : FILE
 date = "2024-02-16"
 modified = "2024-02-16"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/QakBot.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/QakBot.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "303ea2d8d1a7f0fd0ca5508dae2c1b83c03b1e3e975760f15d36d93bcc152767"
 score = 75
 quality = 70
@@ -119167,8 +119167,8 @@ rule CAPE_Qakbot4_1 : FILE
 date = "2024-02-16"
 modified = "2024-02-16"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/QakBot.yar#L15-L29"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/QakBot.yar#L15-L29"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "ad75b07b9b786f634fd46cbe6dc089d3f732673320e70714e8ab058f0392c9f5"
 score = 75
 quality = 70
@@ -119194,8 +119194,8 @@ rule CAPE_Qakbotloader : FILE
 date = "2024-02-16"
 modified = "2024-02-16"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/QakBot.yar#L31-L46"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/QakBot.yar#L31-L46"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "6f99171c95a8ed5d056eeb9234dbbee123a6f95f481ad0e0a966abd2844f0e1a"
 logic_hash = "00869c0a9bf62cde3f46ca915b0ef689557b09dc58d6de34609e3998abfa7e98"
 score = 75
@@ -119222,8 +119222,8 @@ rule CAPE_Qakbotantivm
 date = "2024-02-16"
 modified = "2024-02-16"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/QakBot.yar#L48-L59"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/QakBot.yar#L48-L59"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "e269497ce458b21c8427b3f6f6594a25d583490930af2d3395cb013b20d08ff7"
 logic_hash = "20f1cd28f38945a3aa328e77e78525fb1ffc47ecf54d5a40c2f18264c3973989"
 score = 75
@@ -119246,8 +119246,8 @@ rule CAPE_Zloader_1 : FILE
 date = "2024-05-03"
 modified = "2024-05-03"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/Zloader.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/Zloader.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "319adca805083c7f5854fe840447cf961addbd748f1f25eb8ec8cdeed7af38aa"
 score = 75
 quality = 70
@@ -119270,8 +119270,8 @@ rule CAPE_Zloader_2024 : FILE
 date = "2024-05-03"
 modified = "2024-05-03"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/Zloader.yar#L14-L26"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/Zloader.yar#L14-L26"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "38d555ef5f613cf7ca043697c479100a7a22e7f043acf8b6a46f8009eb92fd7e"
 score = 75
 quality = 70
@@ -119295,8 +119295,8 @@ rule CAPE_Guloaderprecursor : FILE
 date = "2023-10-02"
 modified = "2023-10-02"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/Guloader.yar#L17-L28"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/Guloader.yar#L17-L28"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "ea05c352739366a03da302074b01537382ba26f7fd5049004f156e47d284f070"
 score = 75
 quality = 70
@@ -119319,8 +119319,8 @@ rule CAPE_Rdtscpantivm
 date = "2021-12-11"
 modified = "2021-12-11"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/RdtscpAntiVM.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/RdtscpAntiVM.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "be0f9b52fb630730a38160f4ad2d50b6b4bea5edd82e3ea4d1e257cf7b090910"
 score = 75
 quality = 70
@@ -119342,8 +119342,8 @@ rule CAPE_Icedidsyscallwritemem : FILE
 date = "2023-11-28"
 modified = "2023-11-28"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/IcedID.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/IcedID.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "6b068106b038e9efeb9057cadf314d400c1ada1a1cc70336d3272da3a212c993"
 score = 75
 quality = 70
@@ -119367,8 +119367,8 @@ rule CAPE_Icedidhook
 date = "2023-11-28"
 modified = "2023-11-28"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/IcedID.yar#L15-L25"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/IcedID.yar#L15-L25"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "fd62e0ed6f2a18472fa9336daee0e8a3a55e21779a8385394e85f96da928e24f"
 score = 75
 quality = 70
@@ -119390,8 +119390,8 @@ rule CAPE_Icedidpackera : FILE
 date = "2023-11-28"
 modified = "2023-11-28"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/IcedID.yar#L27-L40"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/IcedID.yar#L27-L40"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "fbad60002286599ca06d0ecb3624740efbf13ee5fda545341b3e0bf4d5348cfe"
 logic_hash = "aa0681e7794546355e6d61f739c49035a493cdfca7e666531d74e3835ec44408"
 score = 75
@@ -119416,8 +119416,8 @@ rule CAPE_Icedidpackerb : FILE
 date = "2023-11-28"
 modified = "2023-11-28"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/IcedID.yar#L42-L56"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/IcedID.yar#L42-L56"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "6517ef2c579002ec62ddeb01a3175917c75d79ceca355c415a4462922c715cb6"
 logic_hash = "fde1e2c0124d180b2fa3d0675b35e8d78fdd7b06cd27e9228c148aa29ce30ee7"
 score = 75
@@ -119442,8 +119442,8 @@ rule CAPE_Icedidpackerc : FILE
 date = "2023-11-28"
 modified = "2023-11-28"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/IcedID.yar#L58-L71"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/IcedID.yar#L58-L71"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "c06805b6efd482c1a671ec60c1469e47772c8937ec0496f74e987276fa9020a5"
 hash = "265c1857ac7c20432f36e3967511f1be0b84b1c52e4867889e367c0b5828a844"
 logic_hash = "f1e75e380ab0947fdfda012b7a5077a1c2ef51163239846ab2dc29cac95ba166"
@@ -119468,8 +119468,8 @@ rule CAPE_Icedidpackerd : FILE
 date = "2023-11-28"
 modified = "2023-11-28"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/IcedID.yar#L73-L86"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/IcedID.yar#L73-L86"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "7b226f8cc05fa7d846c52eb0ec386ab37f9bae04372372509daa6bacc9f885d8"
 logic_hash = "6685e0246f5a11ce0ca33447837de06506b447a5f8591423e2b76f2ab0274dc7"
 score = 75
@@ -119494,8 +119494,8 @@ rule CAPE_Icedsleep : FILE
 date = "2023-11-28"
 modified = "2023-11-28"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/IcedID.yar#L88-L99"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/IcedID.yar#L88-L99"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "0b1a8be95b1b8a3b066837f9e47561ee8202d741b39d64e626c0461c2fbf7c70"
 score = 75
 quality = 70
@@ -119518,8 +119518,8 @@ rule CAPE_Ursnifv3_1
 date = "2023-03-23"
 modified = "2023-03-23"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/UrsnifV3.yar#L1-L16"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/UrsnifV3.yar#L1-L16"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "d679546e37ee58087fce75920b2ce4e6d2b9ae55fb1ef80d14ec14309396757c"
 score = 75
 quality = 70
@@ -119546,8 +119546,8 @@ rule CAPE_Formhooka
 date = "2024-10-11"
 modified = "2024-10-11"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/Formbook.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/Formbook.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "21b8101a7039cfad0e9d49cc1f055bc23a2eb4c973dcda2a81a007e452d77a6d"
 score = 75
 quality = 70
@@ -119572,8 +119572,8 @@ rule CAPE_Formhookb
 date = "2024-10-11"
 modified = "2024-10-11"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/Formbook.yar#L16-L29"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/Formbook.yar#L16-L29"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "b8b677ca239c6c5faf44f7a46c1e3e231f5708fb13aac724fd3ac9f865b965d8"
 score = 75
 quality = 70
@@ -119598,8 +119598,8 @@ rule CAPE_Formconfa
 date = "2024-10-11"
 modified = "2024-10-11"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/Formbook.yar#L31-L43"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/Formbook.yar#L31-L43"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "b0aa4cec55a21245d8104380c531dd6cc0fdef64fbefd79616eadfb4e95b2d75"
 score = 75
 quality = 70
@@ -119623,8 +119623,8 @@ rule CAPE_Formhelper
 date = "2024-10-11"
 modified = "2024-10-11"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/Formbook.yar#L45-L57"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/Formbook.yar#L45-L57"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "77cdfc94aac089c4f2590f4afbab35351fc6e104e67813548c68c59d27019a63"
 score = 75
 quality = 70
@@ -119648,8 +119648,8 @@ rule CAPE_Formconfb
 date = "2024-10-11"
 modified = "2024-10-11"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/Formbook.yar#L59-L73"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/Formbook.yar#L59-L73"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "8a96ef5c6cebb51186acd099b795066e8e8b2c2adbed4dcc66b81228f70e5c4f"
 score = 75
 quality = 70
@@ -119675,8 +119675,8 @@ rule CAPE_Formconfc
 date = "2024-10-11"
 modified = "2024-10-11"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/Formbook.yar#L75-L87"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/Formbook.yar#L75-L87"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "f52bce00d2ec88682115a8720f0a182b7ef7fe7b9b9fc466bb8ddc1779341509"
 score = 75
 quality = 70
@@ -119700,8 +119700,8 @@ rule CAPE_Emotetpacker : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/EmotetPacker.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/EmotetPacker.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "5a95d1d87ce69881b58a0e3aafc1929861e2633cdd960021d7b23e2a36409e0d"
 logic_hash = "5f27d9d18884f7e0805f69960869b332c1577bf8be8ac103285e8bf98cda0ffd"
 score = 75
@@ -119725,8 +119725,8 @@ rule CAPE_Mysterysnail
 date = "2021-10-16"
 modified = "2021-10-16"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/MysterySnail.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/MysterySnail.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "9402dbbbfdd286e2309ee83fc08194f70f73657a3a4e3785dfbcb564dbee86a8"
 score = 75
 quality = 70
@@ -119748,8 +119748,8 @@ rule CAPE_Bruteratelsyscall
 date = "2024-07-22"
 modified = "2024-07-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/BruteRatel.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/BruteRatel.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "5ed054b3cd5d2659c250945d55d6adac90945963c34ad2af0f8d7436141e86b6"
 score = 75
 quality = 70
@@ -119772,8 +119772,8 @@ rule CAPE_Bruteratelpacker
 date = "2024-07-22"
 modified = "2024-07-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/BruteRatel.yar#L14-L26"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/BruteRatel.yar#L14-L26"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "2ccb17efe378d034df34d20d7580c58171d0fd11c18fef6c9a23f1ba238514e6"
 score = 75
 quality = 70
@@ -119797,8 +119797,8 @@ rule CAPE_Bruterateldate
 date = "2024-07-22"
 modified = "2024-07-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/BruteRatel.yar#L28-L39"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/BruteRatel.yar#L28-L39"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "88589b2d08aea03565668ff1b9af20b6fe11cda50d867c60db7cb4d1826b0fd7"
 score = 75
 quality = 70
@@ -119821,8 +119821,8 @@ rule CAPE_Bruteratelconfig
 date = "2024-07-22"
 modified = "2024-07-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/BruteRatel.yar#L41-L51"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/BruteRatel.yar#L41-L51"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "b1815aafec940ab6c8daafc68ccf294845221ada260de5209dcb7e49ccd061c7"
 score = 75
 quality = 70
@@ -119844,8 +119844,8 @@ rule CAPE_Darkgateloader
 date = "2023-10-02"
 modified = "2023-10-02"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/DarkGateLoader.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/DarkGateLoader.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "56069f38edb7d50b0d5680a847d85b1aabc97e432a37911ac9d28aee3b12f526"
 score = 75
 quality = 68
@@ -119871,8 +119871,8 @@ rule CAPE_Rhadamanthys_1
 date = "2023-04-18"
 modified = "2023-04-18"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/Rhadamanthys.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/Rhadamanthys.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "3c8fbfe14f81e099fc900023d9c856e3f45b99af38889ed952b2ac67a636f51d"
 score = 75
 quality = 70
@@ -119897,8 +119897,8 @@ rule CAPE_Agentteslav3Jit
 date = "2024-02-27"
 modified = "2024-02-27"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/AgentTesla.yar#L16-L26"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/AgentTesla.yar#L16-L26"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "62a49cf4295df637f96ba7c127cfc4aeb9af2fcced497fdf34d726a062edc1ec"
 score = 75
 quality = 70
@@ -119920,8 +119920,8 @@ rule CAPE_Blister_1 : FILE
 date = "2024-05-09"
 modified = "2024-05-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/Blister.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/Blister.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "aba379b93c85241cf250829832b2c8a5eaafb3abd0ff955dbaf0d06489c00deb"
 score = 75
 quality = 70
@@ -119949,8 +119949,8 @@ rule CAPE_Pikahook : FILE
 date = "2024-03-12"
 modified = "2024-03-12"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/Pikabot.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/Pikabot.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "2a50a5f2d905122a5b7ac8ca3666b47caa24d325e246841129e53807daf2a1dd"
 score = 75
 quality = 70
@@ -119975,8 +119975,8 @@ rule CAPE_Pikexport : FILE
 date = "2024-03-12"
 modified = "2024-03-12"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/Pikabot.yar#L16-L28"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/Pikabot.yar#L16-L28"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "238dcc5611ed9066b63d2d0109c9b623f54f8d7b61d5f9de59694cfc60a4e646"
 logic_hash = "33f58703a0e40c2361343dbdcc17111aafbf5cc912393edda79005c6ec566f42"
 score = 75
@@ -120000,8 +120000,8 @@ rule CAPE_Vbcrypter
 date = "2021-03-28"
 modified = "2021-03-28"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/VBCrypter.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/VBCrypter.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "a62bca62ab624ab1a2c2e612c5b7e6d543006026a49c07c46800499e31e41c4e"
 score = 75
 quality = 70
@@ -120023,8 +120023,8 @@ rule CAPE_Smokeloader_1 : FILE
 date = "2023-02-06"
 modified = "2023-02-06"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/SmokeLoader.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/SmokeLoader.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "4b15162f4b754cdd6a9124f29f0fd979085734063a0b17f2a97a9750f29e2e0b"
 score = 75
 quality = 70
@@ -120046,8 +120046,8 @@ rule CAPE_Xworm_1
 date = "2023-11-07"
 modified = "2023-11-07"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/XWorm.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/XWorm.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "d8e103f3470e83d71cd4992b74698c0721b8a69d764fdb7a4543997b2853014a"
 score = 75
 quality = 70
@@ -120069,8 +120069,8 @@ rule CAPE_Stealcanti : FILE
 date = "2024-01-19"
 modified = "2024-01-19"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/Stealc.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/Stealc.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "77d6f1914af6caf909fa2a246fcec05f500f79dd56e5d0d466d55924695c702d"
 logic_hash = "4132e8094b0b49a89e9f40a8b1a6abbf105bbb04e4ddf3ce739e39fc2baf0d13"
 score = 75
@@ -120094,8 +120094,8 @@ rule CAPE_Stealcstrings : FILE
 date = "2024-01-19"
 modified = "2024-01-19"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/Stealc.yar#L15-L26"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/Stealc.yar#L15-L26"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "6d402446a979c00b6257ace9924db381d98c530b22968bd2776c66d58c7faefc"
 score = 75
 quality = 70
@@ -120118,8 +120118,8 @@ rule CAPE_Latrodectus_1 : FILE
 date = "2024-02-26"
 modified = "2024-02-26"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/Latrodectus.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/Latrodectus.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "378d220bc863a527c2bca204daba36f10358e058df49ef088f8b1045604d9d05"
 logic_hash = "c2c9f23e287253d766425c05eb774f6e07bdcbabc259e04b723a1a87c8b91fbd"
 score = 75
@@ -120142,8 +120142,8 @@ rule CAPE_Anticuckoo : FILE
 date = "2023-03-17"
 modified = "2023-03-17"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/AntiCuckoo.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/AntiCuckoo.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 hash = "ad5e52f144bb4a1dae3090978c6ecb4c7732538c9b62a6cedd32eccee6094be5"
 logic_hash = "a039aeca2dae44980e8bffafacfda90975e107001be50f11ac916b35ad43592e"
 score = 75
@@ -120166,8 +120166,8 @@ rule CAPE_Bumblebeeshellcode_1
 date = "2023-02-08"
 modified = "2023-02-08"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/BumbleBee.yar#L18-L32"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/BumbleBee.yar#L18-L32"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "865510868ee7c089c2ada0645098e851ca2bb9084a74315ce16296eb19c93ab4"
 score = 75
 quality = 70
@@ -120193,8 +120193,8 @@ rule CAPE_Loadersyscall
 date = "2024-12-02"
 modified = "2024-12-02"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/NitrogenLoader.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/NitrogenLoader.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "3c7ffd8b95032cffecff7fa7e5f5f561cce13e1109f6a9b30bc743642b495e45"
 score = 75
 quality = 70
@@ -120218,8 +120218,8 @@ rule CAPE_Nitrogenloaderaes
 date = "2024-12-02"
 modified = "2024-12-02"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/NitrogenLoader.yar#L15-L27"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/NitrogenLoader.yar#L15-L27"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "de8ed0e98948cfadfd579e334fd9ce9f777ddbd988de897529ba71cb5eb2d396"
 score = 75
 quality = 70
@@ -120243,8 +120243,8 @@ rule CAPE_Nitrogenloaderbypass
 date = "2024-12-02"
 modified = "2024-12-02"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/NitrogenLoader.yar#L29-L41"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/NitrogenLoader.yar#L29-L41"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "3a034d3ddd18723ea1f91814c8c2a2c47a749dfd1496a5d4777d8ff8bfab3457"
 score = 75
 quality = 70
@@ -120268,8 +120268,8 @@ rule CAPE_Nitrogenloaderconfig
 date = "2024-12-02"
 modified = "2024-12-02"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/NitrogenLoader.yar#L43-L54"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/NitrogenLoader.yar#L43-L54"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "a1f9e95b8039b16e3926b7288c036e81cf72b2dbb91ab9e69125f18d89fa1a03"
 score = 75
 quality = 70
@@ -120292,8 +120292,8 @@ rule CAPE_Lumma_1 : FILE
 date = "2024-05-09"
 modified = "2024-05-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/Lumma.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/Lumma.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "a8f9212b619796f91f14c4164e4d2f30c66b51118f22f3d6c310841b6707b7b0"
 score = 75
 quality = 70
@@ -120318,8 +120318,8 @@ rule CAPE_Lummaremap
 date = "2024-05-09"
 modified = "2024-05-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/Lumma.yar#L16-L27"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/Lumma.yar#L16-L27"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "51093379fbd041f75bdfe161bc9dfcc7d782c23ce16d625ca558bb58d8d57713"
 score = 75
 quality = 70
@@ -120342,8 +120342,8 @@ rule CAPE_Slowloader
 date = "2024-09-23"
 modified = "2024-09-23"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/SlowLoader.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/SlowLoader.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "f07528c646ebd980a5e843caa4a4715e31b22c3cd091576600e9fe45d7fc2fe4"
 score = 75
 quality = 70
@@ -120366,8 +120366,8 @@ rule CAPE_Dridexloader_1 : FILE
 date = "2021-03-09"
 modified = "2021-03-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/analyzer/windows/data/yara/DridexLoader.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/04d655d6aab3f877bf21ac5e8000d0d028a25553/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/analyzer/windows/data/yara/DridexLoader.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/bd1397b2e703b20766353d415d4d421a09e6bc6e/LICENSE"
 logic_hash = "00a3e4e80a2558ee52035f091e2339fa2dad6f6515b9dc099f2f3800e4c70bce"
 score = 75
 quality = 70
@@ -120384,7 +120384,7 @@ rule CAPE_Dridexloader_1 : FILE
 * YARA Rule Set
 * Repository Name: BinaryAlert
 * Repository: https://github.com/airbnb/binaryalert/
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
 * Git Commit: a9c0f06affc35e1f8e45bb77f835b92350c68a0b
 * Number of Rules: 78
 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -122795,7 +122795,7 @@ rule BINARYALERT_Hacktool_Windows_Ncc_Wmicmd
 * YARA Rule Set
 * Repository Name: DeadBits
 * Repository: https://github.com/deadbits/yara-rules/
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
 * Git Commit: d002f7ecee23e09142a3ac3e79c84f71dda3f001
 * Number of Rules: 19
 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance)
@@ -123191,7 +123191,7 @@ rule DEADBITS_Acbackdoor_ELF : LINUX MALWARE BACKDOOR
 description = "No description has been set in the source file - DeadBits"
 author = "Adam M. Swanda"
 id = "82eb41bf-cd1d-5b00-973b-31a79c75cfc0"
- date = "2019-11-29"
+ date = "2019-11-05"
 modified = "2019-12-04"
 reference = "https://www.intezer.com/blog-acbackdoor-analysis-of-a-new-multiplatform-backdoor/"
 source_url = "https://github.com/deadbits/yara-rules//blob/d002f7ecee23e09142a3ac3e79c84f71dda3f001/rules/ACBackdoor_Linux.yara#L1-L41"
@@ -123648,7 +123648,7 @@ rule DEADBITS_KPOT_V2 : WINMALWARE INFOSTEALER FILE
 * YARA Rule Set
 * Repository Name: DelivrTo
 * Repository: https://github.com/delivr-to/detections
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
 * Git Commit: 84158c63141cd22c128ff6f016329ffe67112f43
 * Number of Rules: 9
 * Skipped: 0 (age), 2 (quality), 0 (score), 0 (importance)
@@ -123875,7 +123875,7 @@ rule DELIVRTO_SUSP_HTML_WASM_Smuggling
 * YARA Rule Set
 * Repository Name: ESET
 * Repository: https://github.com/eset/malware-ioc
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
 * Git Commit: 9431ee8ccf63b1c014bfaa5f1a28dc747772d28d
 * Number of Rules: 103
 * Skipped: 0 (age), 5 (quality), 0 (score), 0 (importance)
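Review bot: The `date` field of DEADBITS_Acbackdoor_ELF moves backwards from `2019-11-29` to `2019-11-05` while its `modified` value stays `2019-12-04` and the rule's source_url still pins the same upstream commit, so this looks like the aggregator rewriting the day portion of `date` rather than a real change to the rule. The same pattern appears in the ESET_Apt_Windows_TA410_Flowcloud_Header_Decryption hunk (`2024-01-29` → `2025-01-05`) and in the three Trellix ARC hunks (`2024-12-01` → `2025-01-01`), where the new values coincide with the retrieval date rather than any rule edit. Because this file is vendored from YARA Forge, the fix belongs upstream, but anything here that consumes `date` (age-based selection, provenance reporting, rule diffing) should not treat these values as authoritative until the generator behaviour is confirmed. A check in the update workflow that flags a rule whose `date` changes while `source_url` does not would surface this automatically on the next refresh.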
@@ -125815,7 +125815,7 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Header_Decryption : FILE
  description = "Matches the function used to decrypt resources headers in TA410 FlowCloud"
  author = "ESET Research"
  id = "403c1845-bc25-5a49-8553-8a0be18d6970"
- date = "2024-01-29"
+ date = "2025-01-05"
  modified = "2022-04-27"
  reference = "https://github.com/eset/malware-ioc/"
  source_url = "https://github.com/eset/malware-ioc/blob/9431ee8ccf63b1c014bfaa5f1a28dc747772d28d/ta410/ta410.yar#L417-L496"
@@ -127602,7 +127602,7 @@ rule ESET_Sparklinggoblin_Mutex
  * YARA Rule Set
  * Repository Name: FireEye-RT
  * Repository: https://github.com/mandiant/red_team_tool_countermeasures/
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
  * Git Commit: 3561b71724dbfa3e2bb78106aaa2d7f8b892c43b
  * Number of Rules: 167
  * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance)
@@ -132301,7 +132301,7 @@ rule FIREEYE_RT_Hunting_Gadgettojscript_1
  * YARA Rule Set
  * Repository Name: GCTI
  * Repository: https://github.com/chronicle/GCTI
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
  * Git Commit: 1c5fd42b1895098527fde00c2d9757edf6b303bb
  * Number of Rules: 90
  * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -135518,7 +135518,7 @@ rule GCTI_Sliver_Implant_32Bit
  * YARA Rule Set
  * Repository Name: Malpedia
  * Repository: https://github.com/malpedia/signator-rules/
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
  * Git Commit: 6558c417dcf07146b1309b6acde6be0aa96dea10
  * Number of Rules: 1469
  * Skipped: 0 (age), 15 (quality), 0 (score), 0 (importance)
@@ -196581,7 +196581,7 @@ rule MALPEDIA_Win_Coronavirus_Ransomware_Auto : FILE
  * YARA Rule Set
  * Repository Name: Trellix ARC
  * Repository: https://github.com/advanced-threat-research/Yara-Rules/
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
  * Git Commit: fc51a3fe3b450838614a5a5aa327c6bd8689cbb2
  * Number of Rules: 162
  * Skipped: 0 (age), 5 (quality), 0 (score), 0 (importance)
@@ -196857,7 +196857,7 @@ rule TRELLIX_ARC_Shifu : FINANCIAL
  description = "No description has been set in the source file - Trellix ARC"
  author = "McAfee Labs"
  id = "81e9ad25-1df0-5196-be8b-1d1d5d8e4387"
- date = "2024-12-01"
+ date = "2025-01-01"
  modified = "2020-08-14"
  reference = "https://blogs.mcafee.com/mcafee-labs/japanese-banking-trojan-shifu-combines-malware-tools/"
  source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/fc51a3fe3b450838614a5a5aa327c6bd8689cbb2/malware/MALW_Shifu.yar#L1-L24"
@@ -196887,7 +196887,7 @@ rule TRELLIX_ARC_Rietspoof_Loader : RANSOMWARE FILE
  description = "Rule to detect the Rietspoof loader"
  author = "Marc Rivero | McAfee ATR Team"
  id = "f306e381-e2ae-528e-937b-aced72356d77"
- date = "2024-12-01"
+ date = "2025-01-01"
  modified = "2020-08-14"
  reference = "https://blog.avast.com/rietspoof-malware-increases-activity"
  source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/fc51a3fe3b450838614a5a5aa327c6bd8689cbb2/malware/MALW_rietspoof_loader.yar#L1-L22"
@@ -196969,7 +196969,7 @@ rule TRELLIX_ARC_Rovnix_Downloader : DOWNLOADER
  description = "Rovnix downloader with sinkhole checks"
  author = "Intel Security"
  id = "d51f8f73-7a3a-5ccf-9122-86061b5399f1"
- date = "2024-12-01"
+ date = "2025-01-01"
  modified = "2020-08-14"
  reference = "https://blogs.mcafee.com/mcafee-labs/rovnix-downloader-sinkhole-time-checks/"
  source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/fc51a3fe3b450838614a5a5aa327c6bd8689cbb2/malware/MALW_Rovnix.yar#L1-L38"
@@ -197595,7 +197595,7 @@ rule TRELLIX_ARC_Nionspy : FILEINFECTOR FILE
  description = "Triggers on old and new variants of W32/NionSpy file infector"
  author = "Trellix ARC Team"
  id = "86051ef8-a18b-553c-b06c-490f8d6df5cf"
- date = "2024-12-01"
+ date = "2025-01-01"
  modified = "2020-08-14"
  reference = "https://blogs.mcafee.com/mcafee-labs/taking-a-close-look-at-data-stealing-nionspy-file-infector"
  source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/fc51a3fe3b450838614a5a5aa327c6bd8689cbb2/malware/MALW_NionSpy.yar#L1-L25"
@@ -197623,7 +197623,7 @@ rule TRELLIX_ARC_Malw_Eicar : EICAR
  description = "Rule to detect the EICAR pattern"
  author = "Marc Rivero | McAfee ATR Team"
  id = "16307b03-7fab-5d68-ad3b-0efcea952fcf"
- date = "2024-12-01"
+ date = "2025-01-01"
  modified = "2020-08-14"
  reference = "https://www.eicar.org/"
  source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/fc51a3fe3b450838614a5a5aa327c6bd8689cbb2/malware/MALW_Eicar.yar#L1-L22"
@@ -197919,7 +197919,7 @@ rule TRELLIX_ARC_Msworldexploit_Builder_Doc : MALDOC FILE
  description = "Rule to detect RTF/Docs files created by MsWordExploit Builder"
  author = "Marc Rivero | McAfee ATR Team"
  id = "6c4c091b-5fce-583a-bc17-31830251892c"
- date = "2024-12-01"
+ date = "2025-01-01"
  modified = "2020-08-14"
  reference = "https://github.com/advanced-threat-research/Yara-Rules/"
  source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/fc51a3fe3b450838614a5a5aa327c6bd8689cbb2/malware/MALW_MsWordExploit_DOC.yar#L1-L24"
@@ -198897,7 +198897,7 @@ rule TRELLIX_ARC_Sodinokobi : RANSOMWARE
  description = "This rule detect Sodinokobi Ransomware in memory in old samples and perhaps future."
  author = "McAfee ATR team"
  id = "dd05ce31-9699-50a9-944c-5883340791af"
- date = "2024-12-01"
+ date = "2025-01-01"
  modified = "2020-08-14"
  reference = "https://github.com/advanced-threat-research/Yara-Rules/"
  source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/fc51a3fe3b450838614a5a5aa327c6bd8689cbb2/ransomware/RANSOM_Sodinokibi.yar#L33-L54"
@@ -198925,7 +198925,7 @@ rule TRELLIX_ARC_Ransom_Black_Kingdom : RANSOMWARE FILE
  description = "Rule to detect Black Kingdom ransomware that is spread using the latest Exchange vulns"
  author = "McAfee ATR"
  id = "c38e6dbf-7fb9-52f0-acd0-f824647b6041"
- date = "2024-12-01"
+ date = "2025-01-01"
  modified = "2021-04-06"
  reference = "https://github.com/advanced-threat-research/Yara-Rules/"
  source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/fc51a3fe3b450838614a5a5aa327c6bd8689cbb2/ransomware/ransom_BlackKingDom.yar#L3-L49"
@@ -198979,7 +198979,7 @@ rule TRELLIX_ARC_Cryptonar_Ransomware : RANSOMWARE FILE
  description = "Rule to detect CryptoNar Ransomware"
  author = "Marc Rivero | McAfee ATR Team"
  id = "0911250f-fc1f-58bc-ac09-d77d2a2ed3ce"
- date = "2024-12-01"
+ date = "2025-01-01"
  modified = "2020-08-14"
  reference = "https://www.bleepingcomputer.com/news/security/cryptonar-ransomware-discovered-and-quickly-decrypted/"
  source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/fc51a3fe3b450838614a5a5aa327c6bd8689cbb2/ransomware/RANSOM_CryptoNar.yar#L1-L36"
@@ -199944,7 +199944,7 @@ rule TRELLIX_ARC_Megacortex_Signed : RANSOMWARE FILE
  description = "Rule to detect MegaCortex samples digitally signed"
  author = "Marc Rivero | McAfee ATR Team"
  id = "78a74e30-4de0-5e63-8ca5-31251c296f98"
- date = "2024-12-01"
+ date = "2025-01-01"
  modified = "2020-08-14"
  reference = "https://blog.malwarebytes.com/detections/ransom-megacortex/"
  source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/fc51a3fe3b450838614a5a5aa327c6bd8689cbb2/ransomware/RANSOM_MegaCortex.yar#L3-L26"
@@ -200475,7 +200475,7 @@ rule TRELLIX_ARC_Badrabbit_Ransomware : RANSOMWARE FILE
  description = "Rule to detect Bad Rabbit Ransomware"
  author = "Marc Rivero | McAfee ATR Team"
  id = "d6e78c14-0913-5eed-be15-a6d1a8cd1a8d"
- date = "2024-12-01"
+ date = "2025-01-01"
  modified = "2020-08-14"
  reference = "https://securelist.com/bad-rabbit-ransomware/82851/"
  source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/fc51a3fe3b450838614a5a5aa327c6bd8689cbb2/ransomware/RANSOM_BadRabbit.yar#L49-L101"
@@ -202468,7 +202468,7 @@ rule TRELLIX_ARC_Apt_Babar_Malware : BACKDOOR FILE
  * YARA Rule Set
  * Repository Name: Arkbird SOLG
  * Repository: https://github.com/StrangerealIntel/DailyIOC
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
  * Git Commit: a873ff1298c43705e9c67286f3014f4300dd04f7
  * Number of Rules: 215
  * Skipped: 0 (age), 11 (quality), 0 (score), 0 (importance)
@@ -209590,7 +209590,7 @@ rule ARKBIRD_SOLG_MAL_Zstealer_Nov_2021_1 : FILE
  * YARA Rule Set
  * Repository Name: Telekom Security
  * Repository: https://github.com/telekom-security/malware_analysis/
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
  * Git Commit: bf832d97e8fd292ec5e095e35bde992a6462e71c
  * Number of Rules: 12
  * Skipped: 0 (age), 5 (quality), 0 (score), 0 (importance)
@@ -209958,7 +209958,7 @@ rule TELEKOM_SECURITY_Win_Iceid_Core_202104 : FILE
  * YARA Rule Set
  * Repository Name: Volexity
  * Repository: https://github.com/volexity/threat-intel
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
  * Git Commit: b2dd39c31efbb1ed004fb25faaace7d5caf2f424
  * Number of Rules: 94
  * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -213190,7 +213190,7 @@ rule VOLEXITY_Apt_Delivery_Web_Js_Jmask : EVILBAMBOO FILE
  * YARA Rule Set
  * Repository Name: JPCERTCC
  * Repository: https://github.com/JPCERTCC/MalConfScan/
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
  * Git Commit: 19ec0d145535a6a4cfd37c0960114f455a8c343e
  * Number of Rules: 30
  * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance)
@@ -214034,7 +214034,7 @@ rule JPCERTCC_Elf_Wellmess : FILE
  * YARA Rule Set
  * Repository Name: SecuInfra
  * Repository: https://github.com/SIFalcon/Detection
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
  * Git Commit: 2d7c66d7d16c7541bf2a9a83a7a6d334364a26fd
  * Number of Rules: 45
  * Skipped: 0 (age), 11 (quality), 0 (score), 0 (importance)
@@ -214457,8 +214457,8 @@ rule SECUINFRA_RANSOM_Esxiargs_Ransomware_Python_Feb23
  condition:
  $python and $desc and 4 of ( $command* ) and $cmd and $OpenSLPPort and $listener
 }
-import "console"
 import "math"
+import "console"
 import "pe"
 
 rule SECUINFRA_RANSOM_Lockbit_Black_Packer : RANSOMWARE FILE
@@ -215338,9 +215338,9 @@ rule SECUINFRA_DROPPER_Asyncrat_VBS_February_2022_1 : FILE
  * YARA Rule Set
  * Repository Name: RussianPanda
  * Repository: https://github.com/RussianPanda95/Yara-Rules
- * Retrieval Date: 2024-12-29
- * Git Commit: 2b40630c067f4ba3a207fcf1951e07a9a01ba69a
- * Number of Rules: 76
+ * Retrieval Date: 2025-01-05
+ * Git Commit: e0394e68ccd3363745685db3839a7ff2ebedfec9
+ * Number of Rules: 77
  * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
  *
  *
@@ -215357,7 +215357,7 @@ rule RUSSIANPANDA_Susp_Obf_Py_Marshal_Module : FILE
  date = "2024-01-16"
  modified = "2024-01-16"
  reference = "https://www.trendmicro.com/fr_fr/research/23/j/infection-techniques-across-supply-chains-and-codebases.html"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/Techniques/susp_obf_py_marshal_module.yar#L1-L18"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/Techniques/susp_obf_py_marshal_module.yar#L1-L18"
  license_url = "N/A"
  hash = "d740129ff6bdb65a324eadf4ac8de3893a54306cf2a11712a305ef6247204092"
  logic_hash = "f150fae6d7a4642f714f4620dab65f452e5eb9cb57e9cbea46010aac3ecbb3cb"
@@ -215384,7 +215384,7 @@ rule RUSSIANPANDA_Win_Sus_Internetshortcutfile
  date = "2024-02-17"
  modified = "2024-02-17"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/Techniques/win_sus_InternetShortcutFile.yar#L1-L19"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/Techniques/win_sus_InternetShortcutFile.yar#L1-L19"
  license_url = "N/A"
  logic_hash = "9ec321ba521949fcc1db09b843913424182bfbb14eac61e92b7132d88b275ceb"
  score = 65
@@ -215414,7 +215414,7 @@ rule RUSSIANPANDA_Golang_Base64_Enc : FILE
  date = "2024-01-10"
  modified = "2024-01-14"
  reference = "https://unprotect.it/technique/base64/"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/Techniques/golang_base64_enc.yar#L1-L18"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/Techniques/golang_base64_enc.yar#L1-L18"
  license_url = "N/A"
  hash = "509a359b4d0cd993497671b91255c3775628b078cde31a32158c1bc3b2ce461c"
  logic_hash = "72cf3ee948df9c4ce593f16a49397e79fdc5ecc3264b3685bbc54f60ed1278bd"
@@ -215440,7 +215440,7 @@ rule RUSSIANPANDA_Check_Installed_Software : FILE
  date = "2024-01-14"
  modified = "2024-01-15"
  reference = "https://unprotect.it/technique/checking-installed-software/"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/Techniques/check_installed_software.yar#L1-L19"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/Techniques/check_installed_software.yar#L1-L19"
  license_url = "N/A"
  hash = "db44d4cd1ea8142790a6b26880b41ee23de5db5c2a63afb9ee54585882f1aa07"
  logic_hash = "ab079f1edaffca5bce1e872d6e4fc44f7c22b9260feaed7cd38e578646d420ef"
@@ -215466,7 +215466,7 @@ rule RUSSIANPANDA_Zharkbot : FILE
  date = "2024-09-02"
  modified = "2024-09-03"
  reference = "https://research.openanalysis.net/zharkbot/triage/x64dbg/2024/09/02/zharkbot-config.html"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/ZharkBot/Zharkbot.yar#L1-L15"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/ZharkBot/Zharkbot.yar#L1-L15"
  license_url = "N/A"
  hash = "1aa0622a744ec4d28a561bac60ec5e907476587efbadfde546d2b145be4b8109"
  logic_hash = "fded6a0c7af4fda13619778669ef619f88b43e12f12284a3c551c4fddac01024"
@@ -215490,7 +215490,7 @@ rule RUSSIANPANDA_Zharkbot_1 : FILE
  date = "2024-01-21"
  modified = "2024-03-12"
  reference = "https://x.com/ViriBack/status/1749184882822029564?s=20"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/ZharkBot/zharkbot.yar#L1-L15"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/ZharkBot/zharkbot.yar#L1-L15"
  license_url = "N/A"
  hash = "d53ce8c0a8a89c2e3eb080849da8b1c47eaac614248fc55d03706dd5b4e10bdd"
  logic_hash = "ffaec6b19dd4385cd1bc156fdfde39a356367c7fba4135c48a8de62a18a78576"
@@ -215514,7 +215514,7 @@ rule RUSSIANPANDA_Sentinel_Stealer
  date = "2024-01-19"
  modified = "2024-01-19"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/SentinelStealer/sentinel_stealer.yar#L1-L14"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/SentinelStealer/sentinel_stealer.yar#L1-L14"
  license_url = "N/A"
  hash = "3a540a8a81c5a5b452f154d7875423a3"
  logic_hash = "b9d72848842ea4d26544633bb83fccd17239b28493bde3f73341eb2004d8ee0c"
@@ -215539,7 +215539,7 @@ rule RUSSIANPANDA_Lummac2 : FILE
  date = "2024-09-12"
  modified = "2024-09-12"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/LummaC2/LummaC2.yar#L1-L14"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/LummaC2/LummaC2.yar#L1-L14"
  license_url = "N/A"
  hash = "988f54f9694dd1ae701bacec3b83c752"
  logic_hash = "875709f48ff93c8e986f3c1d2e32268bf3458d870082072e7727d8ec85b1a021"
@@ -215563,7 +215563,7 @@ rule RUSSIANPANDA_Johnwalkertexasloader_V2 : FILE
  date = "2024-10-15"
  modified = "2024-10-15"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/JWTL/JohnWalkerTexasLoader_v2.yar#L1-L16"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/JWTL/JohnWalkerTexasLoader_v2.yar#L1-L16"
  license_url = "N/A"
  hash = "9f6bf0473f5541d84faad4c33a0bc5b1928fceb5938f2d6a7e6e02b7f0980341"
  logic_hash = "70cbf6cf0602dc8087f4845451d13d0043872733615050161c077e3346387873"
@@ -215588,7 +215588,7 @@ rule RUSSIANPANDA_Johnwalkertexasloader : FILE
  date = "2024-10-10"
  modified = "2024-10-10"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/JWTL/JohnWalkerTexasLoader.yar#L1-L16"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/JWTL/JohnWalkerTexasLoader.yar#L1-L16"
  license_url = "N/A"
  hash = "3784fc39dc5c0dec08ad0a49bbbb990359e313a9fa87e6842fd67ed7cc1c0baa"
  logic_hash = "414be3219d12823639d140d132a9bbc2ca7bf8c44d0c560e4a49b76323be3f8a"
@@ -215613,7 +215613,7 @@ rule RUSSIANPANDA_Danabot
  date = "2023-12-01"
  modified = "2023-12-01"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/DanaBot/danabot_yara.yar#L1-L17"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/DanaBot/danabot_yara.yar#L1-L17"
  license_url = "N/A"
  logic_hash = "4968531f27fa1a8bc3fca536a04b75277adefc42addb9f1999c564510cbcb684"
  score = 75
@@ -215640,7 +215640,7 @@ rule RUSSIANPANDA_Win_Mal_Rustydropper : FILE
  date = "2024-03-01"
  modified = "2024-03-01"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/RustyDropper/win_mal_RustyDropper.yar#L1-L12"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/RustyDropper/win_mal_RustyDropper.yar#L1-L12"
  license_url = "N/A"
  hash = "a3a5e7011335a2284e2d4f73fd464ff129f0c9276878a054c1932bc50608584b"
  logic_hash = "d0c76bcd1af63cc1b1fbabc3fa33e6caafd7d9c7c3780a94a1ed37eadef655d7"
@@ -215664,7 +215664,7 @@ rule RUSSIANPANDA_Win_Mal_Zloader : FILE
  date = "2024-03-10"
  modified = "2024-03-10"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/Zloader/win_mal_Zloader.yar#L1-L13"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/Zloader/win_mal_Zloader.yar#L1-L13"
  license_url = "N/A"
  logic_hash = "9ac9e8ca4a6f84e1bccac2292705ee6ebbc1595eb3f40ed777f7973e9bda7fc1"
  score = 75
@@ -215689,7 +215689,7 @@ rule RUSSIANPANDA_Win_Mal_Glorysprout_Stealer : FILE
  date = "2024-03-16"
  modified = "2024-03-16"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/GlorySprout/win_mal_GlorySprout_Stealer.yar#L1-L13"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/GlorySprout/win_mal_GlorySprout_Stealer.yar#L1-L13"
  license_url = "N/A"
  hash = "8996c252fc41b7ec0ec73ce814e84136be6efef898822146c25af2330f4fd04a"
  logic_hash = "c843f7924e69c1b9fc3676178aa630319fe25605deddcd73c4905c51cc97d7eb"
@@ -215714,7 +215714,7 @@ rule RUSSIANPANDA_Mal_Botnetfenix_Payload : FILE
  date = "2024-02-02"
  modified = "2024-02-04"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/FenixBotnet/mal_BotnetFenix_Payload.yar#L1-L16"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/FenixBotnet/mal_BotnetFenix_Payload.yar#L1-L16"
  license_url = "N/A"
  hash = "65a9575c50a96d04a3f649fe0f6b8ccd"
  logic_hash = "27f423b509ad8de0f8389c7b3e3bfec2eeb10c964aa8c70bad47cc4334df1a5e"
@@ -215742,7 +215742,7 @@ rule RUSSIANPANDA_Mal_Fenixbotnet_Jse
  date = "2024-01-18"
  modified = "2024-02-02"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/FenixBotnet/mal_FenixBotnet_jse.yar#L1-L14"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/FenixBotnet/mal_FenixBotnet_jse.yar#L1-L14"
  license_url = "N/A"
  hash = "a7fadf0050d4d0b2cefd808e16dfde69"
  logic_hash = "848c00361fba60e63e8ec4098404e87d4ba2b11d8489ad16d49c20fc653a5e45"
@@ -215768,7 +215768,7 @@ rule RUSSIANPANDA_Mal_Asuka_Stealer : FILE
  date = "2024-02-02"
  modified = "2024-03-18"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/AsukaStealer/mal_asuka_stealer.yar#L1-L12"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/AsukaStealer/mal_asuka_stealer.yar#L1-L12"
  license_url = "N/A"
  logic_hash = "7974e0de821ddcafd4f00b27d587108f0d80f8a231dd0db4d2be4fa6ab44fef4"
  score = 75
@@ -215794,7 +215794,7 @@ rule RUSSIANPANDA_Swaetrat
  date = "2023-11-27"
  modified = "2023-11-27"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/SwaetRAT/swaetrat.yar#L3-L19"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/SwaetRAT/swaetrat.yar#L3-L19"
  license_url = "N/A"
  logic_hash = "4dc1107a34d678c3fa0939fab7986fe744ac246400823d08b1ab6db0942821da"
  score = 75
@@ -215821,7 +215821,7 @@ rule RUSSIANPANDA_Purecrypter_Core : FILE
  date = "2024-01-09"
  modified = "2024-01-09"
  reference = "https://www.zscaler.com/blogs/security-research/technical-analysis-purecrypter"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/PureCrypter/purecrypter_core.yar#L3-L28"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/PureCrypter/purecrypter_core.yar#L3-L28"
  license_url = "N/A"
  hash = "e4faa7d7a098414449abffb210fd874798207ee9d27643c8088676ff429b56b7"
  logic_hash = "8c761a98369436ffbe1379152461753778985a42ae656567018b47c71af7d866"
@@ -215853,7 +215853,7 @@ rule RUSSIANPANDA_Purecrypter : FILE
  date = "2024-01-09"
  modified = "2024-01-09"
  reference = "https://www.zscaler.com/blogs/security-research/technical-analysis-purecrypter"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/PureCrypter/purecrypter.yar#L3-L22"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/PureCrypter/purecrypter.yar#L3-L22"
  license_url = "N/A"
  hash = "566d8749e166436792dfcbb5e5514f18c9afc0e1314833ac2e3d86f37ff2030f"
  logic_hash = "dd8592fa0b7d240d23235008601500a20e068032f6dcd6e90a38b06ac747b8af"
@@ -215882,7 +215882,7 @@ rule RUSSIANPANDA_Bandit_Stealer : FILE
  date = "2023-05-05"
  modified = "2023-05-05"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/BanditStealer/bandit_stealer.yar#L3-L21"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/BanditStealer/bandit_stealer.yar#L3-L21"
  license_url = "N/A"
  logic_hash = "304bf05a58d5b762ffe078457739188692f4f7109db929418832c4379b21ae72"
  score = 50
@@ -215905,7 +215905,7 @@ rule RUSSIANPANDA_Win_Mal_Gobitloader : FILE
  date = "2024-03-24"
  modified = "2024-03-24"
  reference = "https://www.malwarebytes.com/blog/threat-intelligence/2024/03/new-go-loader-pushes-rhadamanthys"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/GoBitLoader/win_mal_GoBitLoader.yar#L1-L13"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/GoBitLoader/win_mal_GoBitLoader.yar#L1-L13"
  license_url = "N/A"
  logic_hash = "66951b290bef6a6c9eef4ea674472465dfe0ec5072dce21f48b58191f7ce90e3"
  score = 75
@@ -215929,7 +215929,7 @@ rule RUSSIANPANDA_Easycrypter : FILE
  date = "2024-01-05"
  modified = "2024-01-05"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/EasyCrypter/easycrypter.yar#L1-L16"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/EasyCrypter/easycrypter.yar#L1-L16"
  license_url = "N/A"
  hash = "60063c99fda3b6c5c839ec1c310b03e8f9c7c8823f2eb7bf75e22c6d738ffa8f"
  logic_hash = "761ed4629150453009b76d9c2ad251754009b464550b92dab3395fa30422f6ef"
@@ -215953,7 +215953,7 @@ rule RUSSIANPANDA_Win_Mal_Mpxdropper : FILE
  date = "2024-03-01"
  modified = "2024-03-01"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/MpxDropper/mal_win_MpxDropper.yar#L1-L11"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/MpxDropper/mal_win_MpxDropper.yar#L1-L11"
  license_url = "N/A"
  hash = "3a44a45afbfe5fc7cdeb3723e05c4e892b079abdb7d1e8d6fc70496ef0a14d5d"
  logic_hash = "e8d2672553c7f44e1cc177fad6596bd58b5c32a7541f91ce1207e6b21ef6e52d"
@@ -215976,7 +215976,7 @@ rule RUSSIANPANDA_Ghostgambit : FILE
  date = "2024-07-09"
  modified = "2024-07-09"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/GhostGambit/GhostGambit.yar#L1-L14"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/GhostGambit/GhostGambit.yar#L1-L14"
  license_url = "N/A"
  hash = "2b16c68d9bafbd2ecf3634d991d7c794"
  logic_hash = "419efbea3c347d0ec9365c0c21cccb6f229f8c42d22a2bcfdf14854e7f83aea1"
@@ -216004,7 +216004,7 @@ rule RUSSIANPANDA_Ducktail_Myrdpservice_Bot : FILE
  date = "2023-12-24"
  modified = "2023-12-26"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/Ducktail/ducktail_myrdpservice-12-2023.yar#L3-L17"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/Ducktail/ducktail_myrdpservice-12-2023.yar#L3-L17"
  license_url = "N/A"
  logic_hash = "a329067fbb2acc34c4970167bbce0706c5a3ec09ee89ce16817c105ae1c17b1b"
  score = 75
@@ -216028,7 +216028,7 @@ rule RUSSIANPANDA_Ducktail : FILE
  date = "2023-04-25"
  modified = "2023-05-05"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/Ducktail/ducktail.yar#L1-L16"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/Ducktail/ducktail.yar#L1-L16"
  license_url = "N/A"
  logic_hash = "cb248870f6945d7a6d60d54944dc726d40ba326448af39b87325ec56445602a5"
  score = 75
@@ -216057,7 +216057,7 @@ rule RUSSIANPANDA_Ducktail_Mainbot : FILE
  date = "2023-12-24"
  modified = "2023-12-26"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/Ducktail/ducktail_mainbot-12-2023.yar#L3-L19"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/Ducktail/ducktail_mainbot-12-2023.yar#L3-L19"
  license_url = "N/A"
  logic_hash = "33b85c6e1e1137aeeb07eba957b73d738a70ddc561b42bd2d39258e90280fca4"
  score = 75
@@ -216082,7 +216082,7 @@ rule RUSSIANPANDA_Prysmax_Stealer : FILE
  date = "2024-01-09"
  modified = "2024-01-10"
  reference = "https://www.cyfirma.com/outofband/new-maas-prysmax-launches-fully-undetectable-infostealer/"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/Prysmax Stealer/prysmax_stealer.yar#L1-L21"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/Prysmax Stealer/prysmax_stealer.yar#L1-L21"
  license_url = "N/A"
  logic_hash = "869eee7dd5209bdea98c248791b9ac911e3daabe6d440aa62aecefa43539a41c"
  score = 75
@@ -216111,7 +216111,7 @@ rule RUSSIANPANDA_Metastealer
  date = "2023-11-16"
  modified = "2023-12-30"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/MetaStealer/metastealer.yar#L2-L19"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/MetaStealer/metastealer.yar#L2-L19"
  license_url = "N/A"
  logic_hash = "f78b376713daf82aa2e0cbd6bf45f33d25530449fa05673c8a7c6b4c0dddca79"
  score = 75
@@ -216137,7 +216137,7 @@ rule RUSSIANPANDA_Metastealer_NET_Reactor_Packer : FILE
  date = "2023-12-29"
  modified = "2023-12-30"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/MetaStealer/metastealer_12-2023_packer.yar#L1-L16"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/MetaStealer/metastealer_12-2023_packer.yar#L1-L16"
  license_url = "N/A"
  logic_hash = "1951d8b05f11b8a77a5bf792ad2b0ad95b8dede936ab5cd0699383468c3c97a8"
  score = 75
@@ -216164,7 +216164,7 @@ rule RUSSIANPANDA_Metastealer_Core_Payload
  date = "2023-12-29"
  modified = "2023-12-29"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/MetaStealer/metastealer_core_payload_12-2023.yar#L2-L19"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/MetaStealer/metastealer_core_payload_12-2023.yar#L2-L19"
  license_url = "N/A"
  logic_hash = "99a319023f2c1b714a70458bd33649d6cc343b500a409af12c2eb1ce38ba4241"
  score = 75
@@ -216190,7 +216190,7 @@ rule RUSSIANPANDA_Aurorastealer_March_2023
  date = "2023-03-23"
  modified = "2023-05-05"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/AuroraStealer/Aurora_March_2023.yar#L1-L15"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/AuroraStealer/Aurora_March_2023.yar#L1-L15"
  license_url = "N/A"
  logic_hash = "d74d2843a03e826f334ce3c5eb10cc2b43cfd832174769e5d067fb877abe13a0"
  score = 75
@@ -216213,7 +216213,7 @@ rule RUSSIANPANDA_Aurorastealer_1
  date = "2023-02-07"
  modified = "2023-05-05"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/AuroraStealer/AuroraStealer.yar#L1-L16"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/AuroraStealer/AuroraStealer.yar#L1-L16"
  license_url = "N/A"
  logic_hash = "7a9900266a0dfa7bf0ea91a0260a1d30bd7799a491fba87db083f4fea4115f2a"
  score = 50
@@ -216239,7 +216239,7 @@ rule RUSSIANPANDA_Purelogs_Stealer_Core : FILE
  date = "2023-12-26"
  modified = "2024-01-10"
  reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/Pure Logs Stealer/purelogs_stealer_core.yar#L3-L18"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/Pure Logs Stealer/purelogs_stealer_core.yar#L3-L18"
  license_url = "N/A"
  logic_hash = "7388299ebcc70aeb86c46c29a787f790993a67148d9f3968def1109e45f69452"
  score = 75
@@ -216263,7 +216263,7 @@ rule RUSSIANPANDA_Purelogs_Stealer_Initial_Dropper : FILE
  date = "2024-01-10"
  modified = "2024-01-10"
  reference = "https://russianpanda.com/2023/12/26/Pure-Logs-Stealer-Malware-Analysis/"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/Pure Logs Stealer/purelogs_stealer_initial_payload.yar#L1-L19"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/Pure Logs Stealer/purelogs_stealer_initial_payload.yar#L1-L19"
  license_url = "N/A"
  logic_hash = "0fe94c705b94f82163f952d0a29aac4689947a1d439bdc1847ee510c25cf2e40"
  score = 75
@@ -216289,7 +216289,7 @@ rule RUSSIANPANDA_Darkvnc : FILE
 date = "2024-01-15"
 modified = "2024-01-15"
 reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/DarkVNC/darkvnc.yar#L1-L15"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/DarkVNC/darkvnc.yar#L1-L15"
 license_url = "N/A"
 hash = "3c74dccd06605bcf527ffc27b3122959"
 logic_hash = "1dd1246e0b22181706433f0cff9b231017e747d8faaa2db4cb9adefeab492ab7"
@@ -216306,6 +216306,31 @@ rule RUSSIANPANDA_Darkvnc : FILE
 condition:
 uint16( 0 ) == 0x5A4D and 3 of them and filesize < 700KB
 }
+rule RUSSIANPANDA_Legionloader : FILE
+{
+ meta:
+ description = "Detects LegionLoader core payload"
+ author = "RussianPanda"
+ id = "8ef86f65-543e-5491-8459-fd540e70fc0c"
+ date = "2024-10-05"
+ modified = "2024-12-30"
+ reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.satacom"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/LegionLoader/legionloader.yar#L1-L17"
+ license_url = "N/A"
+ hash = "3b630367b2942bd765f8a35bca47ea6b"
+ logic_hash = "c833b22a6e87f6289e723a51ac9eb02848a4868c73ca9f568f6450e53c41a657"
+ score = 75
+ quality = 85
+ tags = "FILE"
+
+ strings:
+ $s1 = "crypto_domain"
+ $s2 = "postback_url"
+ $s3 = "last_win_error"
+
+ condition:
+ uint16( 0 ) == 0x5A4D and all of them and filesize < 500KB
+}
 rule RUSSIANPANDA_Legionloader_Dropper : FILE
 {
 meta:
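Review bot: The three strings in the new `RUSSIANPANDA_Legionloader` rule are plain literals with no modifier, so YARA matches them only as ASCII and a UTF-16 copy of the same markers in a sample would be missed; if the build this rule was derived from stores them wide, `$s1 = "crypto_domain" ascii wide` (and the same for `$s2`/`$s3`) would be needed, which is an assumption to confirm against the referenced sample rather than a defect the hunk proves. The `all of them` requirement together with the MZ check and the `filesize < 500KB` bound keeps the false-positive surface small for three short identifier-like strings. Since this file is vendored from YARA Forge, any adjustment belongs in the upstream RussianPanda95 rule and would then flow in through the next automated update.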
@@ -216315,7 +216340,7 @@ rule RUSSIANPANDA_Legionloader_Dropper : FILE
 date = "2024-09-23"
 modified = "2024-09-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.satacom"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/LegionLoader/LegionLoader_dropper.yar#L1-L17"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/LegionLoader/LegionLoader_dropper.yar#L1-L17"
 license_url = "N/A"
 hash = "ef5b961ebc6167e728f9bf40e726ac71"
 logic_hash = "0871a6a0ab2c405793e8a49e662ba41acdcc6c8afac315f290de2cc05abd39fa"
@@ -216340,7 +216365,7 @@ rule RUSSIANPANDA_Win_Mal_Planetstealer : FILE
 date = "2024-03-04"
 modified = "2024-03-24"
 reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/PlanetStealer/win_mal_PlanetStealer.yar#L1-L14"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/PlanetStealer/win_mal_PlanetStealer.yar#L1-L14"
 license_url = "N/A"
 logic_hash = "e1660d6fed4c48b45b40bd51fb52254c5b19ca6f1938b68f2344bde473820b86"
 score = 75
@@ -216366,7 +216391,7 @@ rule RUSSIANPANDA_Mal_Cleanuploader : FILE
 date = "2024-02-14"
 modified = "2024-02-14"
 reference = "https://x.com/AnFam17/status/1757871703282077857?s=20"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/CleanUpLoader/mal_cleanuploader.yar#L1-L14"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/CleanUpLoader/mal_cleanuploader.yar#L1-L14"
 license_url = "N/A"
 hash = "2b62dd154b431d8309002d5b4a35de07"
 logic_hash = "a9267c568c11420e36f0781469aa7d932c87d52707981912558eb0f4f84f673a"
@@ -216391,7 +216416,7 @@ rule RUSSIANPANDA_Pikabot_1 : FILE
 date = "2024-01-02"
 modified = "2024-01-02"
 reference = "https://research.openanalysis.net/pikabot/debugging/string%20decryption/2023/11/12/new-pikabot.html"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/PikaBot/Pikabot_1-2-2024.yar#L1-L16"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/PikaBot/Pikabot_1-2-2024.yar#L1-L16"
 license_url = "N/A"
 logic_hash = "f2dd26c23aba72c2b6b959fb411381b7d3a7466f94bf5259f57e96e44d3ee153"
 score = 75
@@ -216415,7 +216440,7 @@ rule RUSSIANPANDA_Vidar_DLL_Embedded
 date = "2023-05-02"
 modified = "2023-05-05"
 reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/VidarStealer/vidar_ver3.6_3.7_dll_embedded.yar#L1-L21"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/VidarStealer/vidar_ver3.6_3.7_dll_embedded.yar#L1-L21"
 license_url = "N/A"
 logic_hash = "98d23523c2ab196f670dc33164954fc69a1c1692fa870a476e25d7dd3cebace2"
 score = 75
@@ -216444,7 +216469,7 @@ rule RUSSIANPANDA_Raccoonstealer : FILE
 date = "2024-01-08"
 modified = "2024-01-08"
 reference = "https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-raccoon-stealer-v2-0"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/RaccoonStealer_v2/raccoonstealer_v2.3.1.1.yar#L1-L20"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/RaccoonStealer_v2/raccoonstealer_v2.3.1.1.yar#L1-L20"
 license_url = "N/A"
 hash = "c6d0d98dd43822fe12a1d785df4e391db3c92846b0473b54762fbb929de6f5cb"
 logic_hash = "ee2b39c1c2068b97e63a03330a2f9e2f12e53aaf9cfffb274acde2372a11fe45"
@@ -216472,7 +216497,7 @@ rule RUSSIANPANDA_Raccoonstealerv2 : FILE
 date = "2023-04-17"
 modified = "2023-05-05"
 reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/RaccoonStealer_v2/raccoonstealerv2_2.1.0-4_build.yar#L1-L14"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/RaccoonStealer_v2/raccoonstealerv2_2.1.0-4_build.yar#L1-L14"
 license_url = "N/A"
 logic_hash = "e2226f08753a3571045953363c04ec52de3c79cd0cd29e7ecb6afaf2ad573e4e"
 score = 50
@@ -216498,7 +216523,7 @@ rule RUSSIANPANDA_Atomic_Stealer : FILE
 date = "2024-01-13"
 modified = "2024-01-17"
 reference = "https://www.bleepingcomputer.com/news/security/macos-info-stealers-quickly-evolve-to-evade-xprotect-detection/"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/AtomicStealer/Atomic_Stealer.yar#L1-L27"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/AtomicStealer/Atomic_Stealer.yar#L1-L27"
 license_url = "N/A"
 hash = "dd8aa38c7f06cb1c12a4d2c0927b6107"
 logic_hash = "7601e508aeccba943b54e675212993920c984271f655e68c19efaf6d12cfebd5"
@@ -216527,7 +216552,7 @@ rule RUSSIANPANDA_Darkgate_Autoit
 date = "2024-01-26"
 modified = "2024-01-26"
 reference = "https://yara.readthedocs.io/en/stable/writingrules.html?highlight=xor"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/DarkGate/darkgate_autoit.yar#L1-L19"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/DarkGate/darkgate_autoit.yar#L1-L19"
 license_url = "N/A"
 hash = "e1803b01e3f187355dbeb87a0c91b76c"
 logic_hash = "dda6726d09035d6f61ca331d18ed37f032c6f6a5ab88e1754a21587f4c79ac87"
@@ -216556,7 +216581,7 @@ rule RUSSIANPANDA_Workersdevbackdoor_PS : FILE
 date = "2023-12-15"
 modified = "2023-12-15"
 reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/WorkersDevBackdoor/WorkersDevBackdoor_PS.yar#L1-L18"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/WorkersDevBackdoor/WorkersDevBackdoor_PS.yar#L1-L18"
 license_url = "N/A"
 logic_hash = "c71eed8fd7a44f3018150cc6ef55d10779093ed8e4c77fd9babcf9b1b9fadfda"
 score = 75
@@ -216585,7 +216610,7 @@ rule RUSSIANPANDA_Workersdevbackdoor : FILE
 date = "2023-12-15"
 modified = "2024-01-05"
 reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/WorkersDevBackdoor/WorkDevBackdoor.yar#L3-L20"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/WorkersDevBackdoor/WorkDevBackdoor.yar#L3-L20"
 license_url = "N/A"
 logic_hash = "f92ad9dc657d87a47e539ea2ee896f9b86bb95e51a890a838c6e6b0efa5deb7d"
 score = 75
@@ -216610,7 +216635,7 @@ rule RUSSIANPANDA_PSWSTEALER : FILE
 date = "2023-04-02"
 modified = "2023-05-05"
 reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/PSWSTEALER/pswstealer.yar#L1-L14"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/PSWSTEALER/pswstealer.yar#L1-L14"
 license_url = "N/A"
 logic_hash = "7d85b0ccaa07419f22b9f38a4bc66435cd689b21fa7e4584ef8bea485b6bd2c1"
 score = 75
@@ -216637,7 +216662,7 @@ rule RUSSIANPANDA_Andeloader
 date = "2023-12-11"
 modified = "2023-12-11"
 reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/AndeLoader/ande_loader.yar#L3-L18"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/AndeLoader/ande_loader.yar#L3-L18"
 license_url = "N/A"
 logic_hash = "cd55153077e5cfbd84cbe5b062dbd842def245417acfea4ed6c2b1db702dcc81"
 score = 75
@@ -216661,7 +216686,7 @@ rule RUSSIANPANDA_Fakebat_Powershell
 date = "2023-12-01"
 modified = "2023-12-01"
 reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/FakeBat/fakebat_powershell.yar#L1-L13"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/FakeBat/fakebat_powershell.yar#L1-L13"
 license_url = "N/A"
 logic_hash = "df6b30d97ac6c9b248fed0d901e8a0a6ad1d855483a5006b008b839d9961092a"
 score = 75
@@ -216684,7 +216709,7 @@ rule RUSSIANPANDA_Garystealer : FILE
 date = "2024-01-03"
 modified = "2024-01-03"
 reference = "https://cybersecurity.att.com/blogs/labs-research/behind-the-scenes-jaskagos-coordinated-strike-on-macos-and-windows"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/GaryStealer/garystealer-1-3-2024.yar#L1-L20"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/GaryStealer/garystealer-1-3-2024.yar#L1-L20"
 license_url = "N/A"
 hash = "6efa29a0f9d112cfbb982f7d9c0ddfe395b0b0edb885c2d5409b33ad60ce1435"
 logic_hash = "f71655d0cb237c08af9c298ec9eec1ae9bd1efd50e26d61afddf9056b6883a15"
@@ -216710,7 +216735,7 @@ rule RUSSIANPANDA_Mal_Xred_Backdoor : FILE
 date = "2024-02-09"
 modified = "2024-02-09"
 reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/XRed_Backdoor/mal_xred_backdoor.yar#L1-L18"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/XRed_Backdoor/mal_xred_backdoor.yar#L1-L18"
 license_url = "N/A"
 hash = "9e1fbae3a659899dde8db18a32daa46a"
 logic_hash = "36d138a0efade1d5c075662dc528235fe66b49879730db78c4c7290fec7420b5"
@@ -216738,7 +216763,7 @@ rule RUSSIANPANDA_Win_Mal_Xworm : FILE
 date = "2024-03-11"
 modified = "2024-03-11"
 reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/XWorm/win_mal_XWorm.yar#L1-L15"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/XWorm/win_mal_XWorm.yar#L1-L15"
 license_url = "N/A"
 hash = "fc422800144383ef6e2e0eee37e7d6ba"
 logic_hash = "c42544285517dc61628e8df2ee5ab6733924fbb2cc08b9b2df273eec0a401d90"
@@ -216765,7 +216790,7 @@ rule RUSSIANPANDA_Meduzastealer : FILE
 date = "2024-01-01"
 modified = "2024-01-01"
 reference = "https://russianpanda.com/2023/06/28/Meduza-Stealer-or-The-Return-of-The-Infamous-Aurora-Stealer/"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/MeduzaStealer/MeduzaStealer_1-1-2024.yar#L1-L16"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/MeduzaStealer/MeduzaStealer_1-1-2024.yar#L1-L16"
 license_url = "N/A"
 logic_hash = "0547e51abd04302c45f1319bc21046ade019bc98eb85d9cba67cb2109ff642eb"
 score = 75
@@ -216790,7 +216815,7 @@ rule RUSSIANPANDA_Jinxloader : FILE
 date = "2024-01-02"
 modified = "2024-01-02"
 reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/JinxLoader/JinxLoader-1-2-2024.yar#L1-L16"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/JinxLoader/JinxLoader-1-2-2024.yar#L1-L16"
 license_url = "N/A"
 hash = "6bd7ff5d764214f239af2bb58b368308c2d04f1147678c2f638f37a893995f71"
 logic_hash = "13dee435fb4d40c629c0a30b6f655b87f14b10a6f6acf61d00e6c692c9bb0ff1"
@@ -216816,7 +216841,7 @@ rule RUSSIANPANDA_Smartapesg_JS_Netsupportrat_Stage2 : FILE
 date = "2024-01-11"
 modified = "2024-01-12"
 reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/SmartApeSG/SmartApeSG_JS_NetSupportRAT_stage2.yar#L1-L23"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/SmartApeSG/SmartApeSG_JS_NetSupportRAT_stage2.yar#L1-L23"
 license_url = "N/A"
 hash = "67d8f84b37732cf85e05b327ad6b6a9f"
 logic_hash = "5a2afaa14d513e0a3c4e52acfb433e53a4541983a05d15318a217c14dc06453c"
@@ -216845,7 +216870,7 @@ rule RUSSIANPANDA_Smartapesg_JS_Dropper_Stage1 : FILE
 date = "2024-01-11"
 modified = "2024-01-11"
 reference = "https://medium.com/walmartglobaltech/smartapesg-4605157a5b80"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/SmartApeSG/SmartApeSG_JS_dropper_stage1.yar#L1-L18"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/SmartApeSG/SmartApeSG_JS_dropper_stage1.yar#L1-L18"
 license_url = "N/A"
 hash = "8769d9ebcf14b24a657532cd96f9520f54aa0e799399d840285311dfebe3fb15"
 logic_hash = "de7e4ec30c780699b46de7baf2a916fdb7331da2ee7c2d637422ea664cd03b82"
@@ -216874,7 +216899,7 @@ rule RUSSIANPANDA_Gh0Strat : FILE
 date = "2024-07-09"
 modified = "2024-07-09"
 reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/Gh0stRAT/Gh0stRAT.yar#L1-L14"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/Gh0stRAT/Gh0stRAT.yar#L1-L14"
 license_url = "N/A"
 hash = "678b06ecdbc9b186788cf960332566f9"
 logic_hash = "bc4bdad83a0e23273774c3d4812cabe9fa44897c8ff2e308004e03b4f1622cd5"
@@ -216900,7 +216925,7 @@ rule RUSSIANPANDA_Whitesnakestealer : FILE
 date = "2023-07-04"
 modified = "2023-12-11"
 reference = "https://russianpanda.com/2023/07/04/WhiteSnake-Stealer-Malware-Analysis/"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/WhiteSnake-Stealer/WhiteSnake_rc4.yar#L1-L17"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/WhiteSnake-Stealer/WhiteSnake_rc4.yar#L1-L17"
 license_url = "N/A"
 logic_hash = "24985a2c3b0d72858decd17cb2b8e485caa94c01ad72a014edc68ed4facfd71e"
 score = 75
@@ -216925,7 +216950,7 @@ rule RUSSIANPANDA_Whitesnakestealer_1 : FILE
 date = "2023-07-04"
 modified = "2023-12-11"
 reference = "https://russianpanda.com/2023/07/04/WhiteSnake-Stealer-Malware-Analysis/"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/WhiteSnake-Stealer/WhiteSnake_xor.yar#L1-L15"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/WhiteSnake-Stealer/WhiteSnake_xor.yar#L1-L15"
 license_url = "N/A"
 logic_hash = "0bd0e250b8598be297296ecf6644d3bf649e3dc4598438325a0913afed04c819"
 score = 75
@@ -216948,7 +216973,7 @@ rule RUSSIANPANDA_Solarmarker_Loader_PS2EXE : FILE
 date = "2024-01-04"
 modified = "2024-01-04"
 reference = "https://www.esentire.com/blog/solarmarker-to-jupyter-and-back"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/SolarMarker/solarmarker_loader.yar#L1-L17"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/SolarMarker/solarmarker_loader.yar#L1-L17"
 license_url = "N/A"
 hash = "b45c31679c2516b38c7ff8c395f1d11d"
 logic_hash = "4f579f350c3320e7b811cae0efe7302e852f59adc02d805f64ba464f8a995f25"
@@ -216973,7 +216998,7 @@ rule RUSSIANPANDA_Solardropper
 date = "2024-01-03"
 modified = "2024-01-03"
 reference = "https://www.esentire.com/blog/solarmarker-to-jupyter-and-back"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/SolarMarker/solardropper.yar#L1-L15"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/SolarMarker/solardropper.yar#L1-L15"
 license_url = "N/A"
 logic_hash = "5dccb7be94e814335c0c867f8b3dd8855043375fe9f1235d5519c690fc7df842"
 score = 75
@@ -216997,7 +217022,7 @@ rule RUSSIANPANDA_Solarmarker_First_Stage_Payload : FILE
 date = "2024-01-30"
 modified = "2024-01-30"
 reference = "https://x.com/luke92881/status/1751968350689771966?s=20"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/SolarMarker/solarmarker_first_stage_payload.yar#L1-L21"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/SolarMarker/solarmarker_first_stage_payload.yar#L1-L21"
 license_url = "N/A"
 hash = "f53563541293a826738d3b8f1164ea43"
 logic_hash = "e704614782b0f3cba60c53413e889113d2d44f37e60801205e5ed5ff921b13ee"
@@ -217027,7 +217052,7 @@ rule RUSSIANPANDA_Solarphantom : FILE
 date = "2023-12-11"
 modified = "2023-12-11"
 reference = "https://www.esentire.com/blog/solarmarker-to-jupyter-and-back"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/SolarMarker/solarphantom.yar#L1-L16"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/SolarMarker/solarphantom.yar#L1-L16"
 license_url = "N/A"
 logic_hash = "3b49d301e625d5abf1b726481a80d6a97d33acd3301c12964f2f37d37130c1b7"
 score = 75
@@ -217053,7 +217078,7 @@ rule RUSSIANPANDA_Solarmarker_Loader : FILE
 date = "2024-01-04"
 modified = "2024-01-04"
 reference = "https://www.esentire.com/blog/solarmarker-to-jupyter-and-back"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/SolarMarker/solarmarker_backdoor.yar#L3-L19"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/SolarMarker/solarmarker_backdoor.yar#L3-L19"
 license_url = "N/A"
 hash = "8eeefe0df0b057fc866b8d35625156de"
 logic_hash = "035eccb41f2ecdeb196003542c165cedad96e3e8e741511b4beda3dfe1ece74e"
@@ -217076,7 +217101,7 @@ rule RUSSIANPANDA_Neptune_Loader : FILE
 date = "2024-01-17"
 modified = "2024-01-21"
 reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/NeptuneLoader/neptune_loader.yar#L1-L18"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/NeptuneLoader/neptune_loader.yar#L1-L18"
 license_url = "N/A"
 logic_hash = "ca54b8a624d48aa28bc727420f25e6f0fd67b193ac79443a357d88a9fe7cbdbb"
 score = 75
@@ -217104,7 +217129,7 @@ rule RUSSIANPANDA_Mal_Narniarat : FILE
 date = "2024-02-02"
 modified = "2024-02-02"
 reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/NarniaRAT/mal_NarniaRAT.yar#L1-L16"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/NarniaRAT/mal_NarniaRAT.yar#L1-L16"
 license_url = "N/A"
 hash = "43f6c3f92a025d12de4c4f14afa5d098"
 logic_hash = "3ee8bf6b3970c6f56ca98c87752050217e350da160a650e1724b19f340bf0230"
@@ -217132,7 +217157,7 @@ rule RUSSIANPANDA_Truecrypt_Crypter : FILE
 date = "2024-01-06"
 modified = "2024-01-06"
 reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/TrueCrypt/truecrypt_crypter.yar#L1-L27"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/TrueCrypt/truecrypt_crypter.yar#L1-L27"
 license_url = "N/A"
 hash = "167637397fb45ea19bafcf208d8f27dceec82caa7ab19d40ecdb08eb1b7d4f60"
 logic_hash = "68612c68053e9fb81d9616c04b04ac2e2cb685f3b7ed71f8b31e8f22e3a539e7"
@@ -217163,7 +217188,7 @@ rule RUSSIANPANDA_Obfuscation_Powershell_Special_Chars
 date = "2024-01-12"
 modified = "2024-02-02"
 reference = "https://perl-users.jp/articles/advent-calendar/2010/sym/11"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/PowerShell Obfuscation/obfuscation_powershell_special_chars.yar#L1-L15"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/PowerShell Obfuscation/obfuscation_powershell_special_chars.yar#L1-L15"
 license_url = "N/A"
 hash = "d77efad78ef3afc5426432597ba129141952719846bc5ccd058249bb23d8a905"
 logic_hash = "4cc4ebffe7bf712b412a060536acc51d94381d24b46e5494195ae17482076cd6"
@@ -217191,7 +217216,7 @@ rule RUSSIANPANDA_Illyrianstealer : FILE
 date = "2024-01-08"
 modified = "2024-01-08"
 reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/IllyrianStealer/illyrian_stealer.yar#L2-L18"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/IllyrianStealer/illyrian_stealer.yar#L2-L18"
 license_url = "N/A"
 hash = "fae0aed6173804e8c22027cbb0c121eedd927f16ea7e2b23662dbe6e016980e8"
 logic_hash = "2012d401d3e7ce2d4d6ea12ed01a30b7d3e18f4ed47dbf70d43bae6c328960ea"
@@ -217217,7 +217242,7 @@ rule RUSSIANPANDA_Mal_Msedge_Dll_Virusloader : FILE
 date = "2024-01-19"
 modified = "2024-01-19"
 reference = "https://blog.phylum.io/npm-package-found-delivering-sophisticated-rat/"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/virusloader/mal_msedge_dll_virusloader.yar#L1-L16"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/virusloader/mal_msedge_dll_virusloader.yar#L1-L16"
 license_url = "N/A"
 hash = "ab2e3b07170ef1516af3af0d03388868"
 logic_hash = "659fd5fa3121fec5bf4cceb6f3dea95bf4cbcde7441d6f11c35288d8ad75a803"
@@ -217242,7 +217267,7 @@ rule RUSSIANPANDA_Mal_Nitrogen : FILE
 date = "2024-02-04"
 modified = "2024-02-04"
 reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/Nitrogen/mal_nitrogen.yar#L1-L15"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/Nitrogen/mal_nitrogen.yar#L1-L15"
 license_url = "N/A"
 logic_hash = "642d5a16c7fb217a297bba683221de474eb028ac48ec8f52be897eaa056acb9b"
 score = 75
@@ -217269,7 +217294,7 @@ rule RUSSIANPANDA_Win_Mal_Koistealer_PS
 date = "2024-04-04"
 modified = "2024-04-04"
 reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/Koi/win_mal_KoiStealer_PS.yar#L1-L12"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/Koi/win_mal_KoiStealer_PS.yar#L1-L12"
 license_url = "N/A"
 hash = "4f55be0b55ec67dfda42b88e9c743a2a"
 logic_hash = "8a60a1d770eb4b5048762ddfd4657fdf7a430b09eb454ae5a5bb3103460907db"
@@ -217293,7 +217318,7 @@ rule RUSSIANPANDA_Win_Mal_Koi_Loader_Decrypted : FILE
 date = "2024-04-04"
 modified = "2024-04-04"
 reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/Koi/win_mal_Koi_loader_decrypted.yar#L1-L12"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/Koi/win_mal_Koi_loader_decrypted.yar#L1-L12"
 license_url = "N/A"
 hash = "1901593e0299930d46b963866f33a93b"
 logic_hash = "f73ada7185ff109afe1e186a0fb7b4420b3d0e04c93c7c5423243db97eb34e49"
@@ -217317,7 +217342,7 @@ rule RUSSIANPANDA_Win_Mal_Koi_Loader : FILE
 date = "2024-04-04"
 modified = "2024-04-04"
 reference = "https://github.com/RussianPanda95/Yara-Rules"
- source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/2b40630c067f4ba3a207fcf1951e07a9a01ba69a/Koi/win_mal_Koi_loader.yar#L1-L14"
+ source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/e0394e68ccd3363745685db3839a7ff2ebedfec9/Koi/win_mal_Koi_loader.yar#L1-L14"
 license_url = "N/A"
 hash = "47e208687c2fb40bdbaa17e368aaa1bd"
 logic_hash = "4f909865c6d274804c3fa7f66822d7bea71bb93e7c6a422ebaf220df056ac095"
@@ -217338,7 +217363,7 @@ rule RUSSIANPANDA_Win_Mal_Koi_Loader : FILE
 * YARA Rule Set
 * Repository Name: Check Point
 * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
 * Number of Rules: 4
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -217552,7 +217577,7 @@ rule CHECK_POINT_Malware_Bumblebee_Packed
 * YARA Rule Set
 * Repository Name: Dragon Threat Labs
 * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
 * Number of Rules: 7
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -217743,7 +217768,7 @@ rule DRAGON_THREAT_LABS_Apt_C16_Win64_Dropper : DROPPER FILE
 * YARA Rule Set
 * Repository Name: Microsoft
 * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
 * Number of Rules: 21
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -218347,7 +218372,7 @@ rule MICROSOFT_Devilstongue_Hijackdll : FILE
 * YARA Rule Set
 * Repository Name: NCSC
 * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
 * Number of Rules: 17
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -218818,7 +218843,7 @@ rule NCSC_Sparrowdoor_Sleep_Routine
 * YARA Rule Set
 * Repository Name: Dr4k0nia
 * Repository: https://github.com/dr4k0nia/yara-rules
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
 * Git Commit: 4b10f9b79a4cfb3ec9cb5675f32cc7ee6885fbd8
 * Number of Rules: 5
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -218999,7 +219024,7 @@ rule DR4K0NIA_Msil_Suspicious_Use_Of_Strreverse : FILE
 * YARA Rule Set
 * Repository Name: EmbeeResearch
 * Repository: https://github.com/embee-research/Yara-detection-rules/
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
 * Git Commit: ac56d6f6fd2a30c8cb6e5c0455d6519210a8b0f4
 * Number of Rules: 39
 * Skipped: 0 (age), 8 (quality), 0 (score), 0 (importance)
@@ -220092,7 +220117,7 @@ rule EMBEERESEARCH_Win_Havoc_Djb2_Hashing_Routine_Oct_2022 : FILE
 * YARA Rule Set
 * Repository Name: AvastTI
 * Repository: https://github.com/avast/ioc
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
 * Git Commit: c696ec4bc17b1d41d5585d40ccf476f445b4a3de
 * Number of Rules: 33
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -220955,7 +220980,7 @@ rule AVASTTI_Cobaltstrike_Beacon_Xored_X64
 * YARA Rule Set
 * Repository Name: SBousseaden
 * Repository: https://github.com/sbousseaden/YaraHunts/
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
 * Git Commit: 71b27a2a7c57c2aa1877a11d8933167794e2b4fb
 * Number of Rules: 36
 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance)
@@ -222032,7 +222057,7 @@ rule SBOUSSEADEN_Shad0W_Beacon_16June : FILE
 * YARA Rule Set
 * Repository Name: Elceef
 * Repository: https://github.com/elceef/yara-rulz
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
 * Git Commit: 05834717d1464d5efce8ad9d688ff7b53886a0bb
 * Number of Rules: 17
 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -222532,7 +222557,7 @@ rule ELCEEF_ZIP_High_Ratio_Single_Doc : FILE
 * YARA Rule Set
 * Repository Name: GodModeRules
 * Repository: https://github.com/Neo23x0/god-mode-rules/
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
 * Git Commit: 436dc682164cf17a123d6b09d1424e7e2acf0c25
 * Number of Rules: 1
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -222803,7 +222828,7 @@ rule GODMODERULES_IDDQD_God_Mode_Rule
 * YARA Rule Set
 * Repository Name: Cod3nym
 * Repository: https://github.com/cod3nym/detection-rules/
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
 * Git Commit: ad485bff0ce30afb56e367b7f2b76fea81e78fc9
 * Number of Rules: 13
 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -223245,7 +223270,7 @@ rule COD3NYM_SUSP_RLO_Exe_Extension_Spoofing_Jan24
 * YARA Rule Set
 * Repository Name: craiu
 * Repository: https://github.com/craiu/yararules
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
 * Git Commit: 23cf0ca22021fa3684e180a18416b9ae1b695243
 * Number of Rules: 13
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -224410,7 +224435,7 @@ rule CRAIU_Exploit_CVE_2024_6387 : CVE_2024_6387 FILE
 * YARA Rule Set
 * Repository Name: DitekSHen
 * Repository: https://github.com/ditekshen/detection
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
 * Git Commit: e76c93dcdedff04076380ffc60ea54e45b313635
 * Number of Rules: 1443
 * Skipped: 0 (age), 112 (quality), 0 (score), 0 (importance)
@@ -264854,7 +264879,7 @@ rule DITEKSHEN_INDICATOR_RTF_Remotetemplate : CVE_2017_11882 FILE
 * YARA Rule Set
 * Repository Name: WithSecureLabs
 * Repository: https://github.com/WithSecureLabs/iocs
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
 * Git Commit: 29adc4b6c2c2850f0f385aec77ab6fc0d7a8f20c
 * Number of Rules: 5
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -265109,7 +265134,7 @@ rule WITHSECURELABS_Kapeka_Backdoor : FILE
 * YARA Rule Set
 * Repository Name: HarfangLab
 * Repository: https://github.com/HarfangLab/iocs
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
 * Git Commit: 8dd8e9296b110ce3fb13bc557a0295dff8c4c357
 * Number of Rules: 18
 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -265802,7 +265827,7 @@ rule HARFANGLAB_Custom_Ateraagent_Operator : FILE
 * YARA Rule Set
 * Repository Name: LOLDrivers
 * Repository: https://github.com/magicsword-io/LOLDrivers/
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
 * Git Commit: 23108d3a3a01afb30b93e1fd32d8f0a750159f4c
 * Number of Rules: 529
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
@@ -282362,7 +282387,7 @@ rule LOLDRIVERS_MAL_Driver_Microsoftcorporation_Ndislansys_Microsoftwindowsopera
 * YARA Rule Set
 * Repository Name: SEKOIA
 * Repository: https://github.com/SEKOIA-IO/Community
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
 * Git Commit: 476fd01a852246b8aeaa3e4e3a1f8b762c61bbc5
 * Number of Rules: 746
 * Skipped: 0 (age), 3 (quality), 0 (score), 0 (importance)
@@ -305510,7 +305535,7 @@ rule SEKOIA_Rat_Win_Xeno_Rat : FILE
 * YARA Rule Set
 * Repository Name: Signature Base
 * Repository: https://github.com/Neo23x0/signature-base
- * Retrieval Date: 2024-12-29
+ * Retrieval Date: 2025-01-05
 * Git Commit: 7f13b425aac90a00c208de8e3b28751b5aba3c45
 * Number of Rules: 4298
 * Skipped: 0 (age), 6 (quality), 4 (score), 0 (importance)
@@ -321276,7 +321301,7 @@ rule SIGNATURE_BASE_Susp_File_Enumerator_With_Encrypted_Resource_101 : FILE
 description = "Generic detection for samples that enumerate files with encrypted resource called 101"
 author = "Kaspersky Lab"
 id = "9bc16ec2-c94c-54f5-b09c-88a78e9e3fb2"
- date = "2024-01-04"
+ date = "2025-01-04"
 modified = "2023-12-05"
 reference = "https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/"
 source_url = "https://github.com/Neo23x0/signature-base/blob/7f13b425aac90a00c208de8e3b28751b5aba3c45/yara/apt_stonedrill.yar#L12-L41"
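Review bot: The new `date = "2025-01-04"` in the `SIGNATURE_BASE_Susp_File_Enumerator_With_Encrypted_Resource_101` hunk now postdates the rule's own `modified = "2023-12-05"`, and the upstream `source_url` commit `7f13b425aac90a00c208de8e3b28751b5aba3c45` is unchanged, so the rule body has not been revised; the old value was simply moved forward by one year. The same shift appears in the `SIGNATURE_BASE_Crime_Ole_Loadswf_Cve_2018_4878` and `SIGNATURE_BASE_TA17_293A_Energetic_Bear_Api_Hashing_Tool` hunks, where the latter's `2024-02-29` became `2025-02-05`, a date that does not exist as a plain year shift, which suggests the YARA Forge generator is rewriting `date` rather than carrying the author's value. Until that is fixed upstream, the `date` field in this vendored set should not be used for rule-age filtering or for the Minimum Age cut described in the file header; `modified` is the more trustworthy of the two. Only the meta section is in these hunks, so the enclosing rules start and end outside them.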
@@ -352112,7 +352137,7 @@ rule SIGNATURE_BASE_Crime_Ole_Loadswf_Cve_2018_4878 : PURPORTED_NORTH_KOREAN_ACT
 description = "Detects CVE-2018-4878"
 author = "Vitali Kremez, Flashpoint"
 id = "44797bbc-693b-5fcb-a4a4-4ebf3f4da725"
- date = "2024-01-01"
+ date = "2025-01-01"
 modified = "2023-12-05"
 reference = "hxxps://www[.]krcert[.]or[.kr/data/secNoticeView.do?bulletin_writing_sequence=26998"
 source_url = "https://github.com/Neo23x0/signature-base/blob/7f13b425aac90a00c208de8e3b28751b5aba3c45/yara/crime_ole_loadswf_cve_2018_4878.yar#L2-L31"
@@ -373348,7 +373373,7 @@ rule SIGNATURE_BASE_TA17_293A_Energetic_Bear_Api_Hashing_Tool : FILE
 description = "Energetic Bear API Hashing Tool"
 author = "CERT RE Team"
 id = "4e58800a-9618-5d8b-954c-e843be6002c2"
- date = "2024-02-29"
+ date = "2025-02-05"
 modified = "2023-12-05"
 reference = "https://github.com/Neo23x0/signature-base"
 source_url = "https://github.com/Neo23x0/signature-base/blob/7f13b425aac90a00c208de8e3b28751b5aba3c45/yara/apt_ta17_293A.yar#L77-L93"