From 1a1d98d16dad966e0016d445fe9e5b07ad9908ef Mon Sep 17 00:00:00 2001 From: Thomas Stromberg Date: Tue, 9 Jul 2024 15:39:08 -0400 Subject: [PATCH] Update YARAForge rules to 2024-07-07 --- third_party/yara/YARAForge/RELEASE | 2 +- .../yara/YARAForge/yara-rules-full.yar | 8509 +++++++++-------- 2 files changed, 4406 insertions(+), 4105 deletions(-) diff --git a/third_party/yara/YARAForge/RELEASE b/third_party/yara/YARAForge/RELEASE index e88fa6b41..391dc0be0 100644 --- a/third_party/yara/YARAForge/RELEASE +++ b/third_party/yara/YARAForge/RELEASE @@ -1 +1 @@ -20240630 +20240707 diff --git a/third_party/yara/YARAForge/yara-rules-full.yar b/third_party/yara/YARAForge/yara-rules-full.yar index 2f27c6033..8534c41c6 100644 --- a/third_party/yara/YARAForge/yara-rules-full.yar +++ b/third_party/yara/YARAForge/yara-rules-full.yar @@ -12,15 +12,15 @@ * Force Exclude Importance Level: 0 * Minimum Age (in days): 0 * Minimum Score: 40 - * Creation Date: 2024-06-30 - * Number of Rules: 11739 + * Creation Date: 2024-07-07 + * Number of Rules: 11746 * Skipped: 0 (age), 234 (quality), 4 (score), 0 (importance) */ /* * YARA Rule Set * Repository Name: ReversingLabs * Repository: https://github.com/reversinglabs/reversinglabs-yara-rules/ - * Retrieval Date: 2024-06-30 + * Retrieval Date: 2024-07-07 * Git Commit: d35a6845dcd00f2840f690611612b04dda6d195d * Number of Rules: 1208 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -7451,8 +7451,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Oct : TC_DETECTION MALICIOUS MALWARE description = "Yara rule that detects Oct ransomware." author = "ReversingLabs" id = "e811a0ba-52df-5e88-ab71-df91d5cb584a" - date = "2024-10-30" - date = "2024-10-30" + date = "2024-10-07" + date = "2024-10-07" modified = "2021-08-12" reference = "ReversingLabs" source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d35a6845dcd00f2840f690611612b04dda6d195d/yara/ransomware/ByteCode.MSIL.Ransomware.Oct.yara#L1-L68" 
@@ -7840,8 +7840,8 @@ rule REVERSINGLABS_Win32_Ransomware_ONI : TC_DETECTION MALICIOUS MALWARE FILE description = "Yara rule that detects Oni ransomware." author = "ReversingLabs" id = "9190aee2-1119-546e-82ca-a7aba44a9d7f" - date = "2024-06-30" - date = "2024-06-30" + date = "2024-07-07" + date = "2024-07-07" modified = "2020-12-07" reference = "ReversingLabs" source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d35a6845dcd00f2840f690611612b04dda6d195d/yara/ransomware/Win32.Ransomware.Oni.yara#L1-L82" @@ -31606,8 +31606,8 @@ rule REVERSINGLABS_Linux_Virus_Vit : TC_DETECTION MALICIOUS MALWARE FILE description = "Yara rule that detects Vit virus." author = "ReversingLabs" id = "4515fe43-4c5a-521d-82b7-273823f0c64e" - date = "2024-06-30" - date = "2024-06-30" + date = "2024-07-07" + date = "2024-07-07" modified = "2023-06-07" reference = "ReversingLabs" source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d35a6845dcd00f2840f690611612b04dda6d195d/yara/virus/Linux.Virus.Vit.yara#L3-L36" @@ -55193,9 +55193,9 @@ rule REVERSINGLABS_Cert_Blocklist_08Aa03F385F870E3A6D243B74B1Dadf6 : INFO FILE * YARA Rule Set * Repository Name: Elastic * Repository: https://github.com/elastic/protections-artifacts/ - * Retrieval Date: 2024-06-30 - * Git Commit: 7607ac6ed3bb869356a16d2f7488f6744c68b134 - * Number of Rules: 1763 + * Retrieval Date: 2024-07-07 + * Git Commit: 971c9e2713670f7a00aa78ed2c387ac3afd63a78 + * Number of Rules: 1768 * Skipped: 0 (age), 5 (quality), 0 (score), 0 (importance) * * 
@@ -55305,8 +55305,8 @@ rule ELASTIC_Linux_Cryptominer_Xpaj_Fdbd614E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xpaj.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xpaj.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "3e2b1b36981713217301dd02db33fb01458b3ff47f28dfdc795d8d1d332f13ea" logic_hash = "70e6450f98411750361481aaad0d3ea079f58b1ae09970f04da09c20137a50fa" score = 75 @@ -55334,8 +55334,8 @@ rule ELASTIC_Windows_Ransomware_Helloxd_0C50F01B : FILE MEMORY date = "2022-06-14" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Helloxd.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Helloxd.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "435781ab608ff908123d9f4758132fa45d459956755d27027a52b8c9e61f9589" logic_hash = "71e09fa1a00fa6f3688129ee2b2a8957b84f64ef51fcba5123a6a9df80a9c7e1" score = 75 
@@ -55370,8 +55370,8 @@ rule ELASTIC_Linux_Trojan_Ganiw_99349371 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ganiw.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ganiw.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "e8dbb246fdd1a50226a36c407ac90eb44b0cf5e92bf0b92c89218f474f9c2afb" logic_hash = "26160e855c63fc0b73e415de2fe058f2005df1ec5544d21865d022c5474df30c" score = 75 @@ -55399,8 +55399,8 @@ rule ELASTIC_Linux_Trojan_Ganiw_B9F045Aa : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ganiw.yar#L21-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ganiw.yar#L21-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "2565101b261bee22ddecf6898ff0ac8a114d09c822d8db26ba3e3571ebe06b12" score = 75 quality = 75 
@@ -55427,8 +55427,8 @@ rule ELASTIC_Windows_Ransomware_Magniber_Ea0140A1 : FILE MEMORY date = "2021-08-03" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Magniber.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Magniber.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "a2448b93d7c50801056052fb429d04bcf94a478a0a012191d60e595fed63eec4" logic_hash = "e2c05e2c92444d7bcb2bf68e97f809072d2ccdc8a171214d2e7a498b20d08f90" score = 75 @@ -55456,8 +55456,8 @@ rule ELASTIC_Windows_Ransomware_Magniber_97D7575B : FILE MEMORY date = "2021-08-03" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Magniber.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Magniber.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "a2448b93d7c50801056052fb429d04bcf94a478a0a012191d60e595fed63eec4" logic_hash = "9c85f98aaae28e9e90a94d6ce18389467013ea6b569f46f6acaf26a6c7e027fc" score = 75 
@@ -55485,8 +55485,8 @@ rule ELASTIC_Windows_Hacktool_Safetykatz_072B7370 : FILE MEMORY date = "2022-11-20" modified = "2023-01-11" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_SafetyKatz.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_SafetyKatz.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "89a456943cf6d2b3cd9cdc44f13a23640575435ed49fa754f7ed358c1a3b6ba9" logic_hash = "cedd3ede487371a8e0d29804f2b81ae808c7ad01bd803fa39dc2c50e472cff43" score = 75 @@ -55518,8 +55518,8 @@ rule ELASTIC_Macos_Trojan_Electrorat_B4Dbfd1D : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Electrorat.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Electrorat.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "b1028b38fcce0d54f2013c89a9c0605ccb316c36c27faf3a35adf435837025a4" logic_hash = "a36143a8c93cb187dba0a88a15550219c19f1483502f782dfefc1e53829cfbf1" score = 75 
@@ -55550,8 +55550,8 @@ rule ELASTIC_Windows_Vulndriver_Lha_F72Bff9A : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Lha.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Lha.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "e75714f8e0ff45605f6fc7689a1a89c7dcd34aab66c6131c63fefaca584539cf" logic_hash = "cea05432b47cf14982bda74476c8c8582068c22fe7dec6468c9756c20412dca2" score = 75 @@ -55580,8 +55580,8 @@ rule ELASTIC_Linux_Exploit_Local_47C64Fb6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Local.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Local.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "0caa9035027ff88788e6b8e43bfc012a367a12148be809555c025942054a6360" logic_hash = "7d977edd5fc90c6f03ed5558c690b3dd2102bbff9d7e5124403276405e15201b" score = 75 
@@ -55609,8 +55609,8 @@ rule ELASTIC_Linux_Exploit_Local_76C24B62 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Local.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Local.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "330de2ca1add7e06389d94dfc541c367a484394c51663b26d27d89346b08ad1b" logic_hash = "ff55d6a316394812cfa1108578aece91050bfb2f7e0f8c0440dcb64156f3e893" score = 75 @@ -55638,8 +55638,8 @@ rule ELASTIC_Linux_Exploit_Local_30C21B03 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Local.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Local.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "a09c81f185a4ceed134406fa7fefdfa7d8dfc10d639dd044c94fbb6d570fa029" logic_hash = "396965c457b2e02d7d524d9d5fb3cc76852895ed9675c7b1205a94f47ba10144" score = 75 
@@ -55667,8 +55667,8 @@ rule ELASTIC_Linux_Exploit_Local_9Ace9649 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Local.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Local.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "b38869605521531153cfd8077f05e0d6b52dca0fffbc627a4d5eaa84855a491c" logic_hash = "d7a60b0cb7fcbd9e802660bda3e0456f7f4ef9db38b6dab131c160efce48909e" score = 75 @@ -55696,8 +55696,8 @@ rule ELASTIC_Linux_Exploit_Local_705C9589 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Local.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Local.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "845727ea46491b46a665d4e1a3a9dbbe6cd0536d070f1c1efd533b91b75cdc88" logic_hash = "9834d564c2acc688750d5e6c53db7c1201ef85c6fb3d1d0ea2425a5ba905ff18" score = 75 
@@ -55725,8 +55725,8 @@ rule ELASTIC_Linux_Exploit_Local_A677Fb9C : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Local.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Local.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "d20b260c7485173264e3e674adc7563ea3891224a3dc98bdd342ebac4a1349e8" logic_hash = "9b43e651f73d17dbd2143cec4c79929723689ce738924588e38c99a9554e5545" score = 75 @@ -55754,8 +55754,8 @@ rule ELASTIC_Linux_Exploit_Local_78E50162 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Local.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Local.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "706c865257d5e1f5f434ae0f31e11dfc7e16423c4c639cb2763ec0f51bc73300" logic_hash = "10a5bef486ec0ececfe0a9edfcad7ce053da2a97028cd1648aa27572fedd8ef6" score = 75 
@@ -55783,8 +55783,8 @@ rule ELASTIC_Linux_Exploit_Local_3B767A1F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Local.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Local.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "e05fed9e514cccbdb775f295327d8f8838b73ad12f25e7bb0b9d607ff3d0511c" logic_hash = "0f24a7d4e8ff0899430aa0a702000f35039b07400120b382b675825630f0ea4e" score = 75 @@ -55812,8 +55812,8 @@ rule ELASTIC_Linux_Exploit_Local_2535C9B6 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Local.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Local.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "d0f9cc114f6a1f788f36e359e03a9bbf89c075f41aec006229b6ad20ebbfba0b" logic_hash = "222e929d8352ed02714a59b0e1b9777b0f2d80d63cb369fa9bf33460c84efbb2" score = 75 
@@ -55841,8 +55841,8 @@ rule ELASTIC_Linux_Exploit_Local_6A9B5D50 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Local.yar#L181-L199" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Local.yar#L181-L199" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "80ab71dc9ed2131b08b5b75b5a4a12719d499c6b6ee6819ad5a6626df4a1b862" logic_hash = "99a18bfb62c195bdea89c688fed4456fee33477878ecdee8a78cd4bf18ad539b" score = 75 @@ -55870,8 +55870,8 @@ rule ELASTIC_Linux_Exploit_Local_66557224 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Local.yar#L201-L219" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Local.yar#L201-L219" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f58151a2f653972e744822cdc420ab1c2b8b642877d3dfa2e8b2b6915e8edf40" logic_hash = "5583f086d594ebdf5890a8a5fbee5c04fbddfe42adcae07480532d87e474ef0c" score = 75 
@@ -55899,8 +55899,8 @@ rule ELASTIC_Linux_Exploit_Local_6229602F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Local.yar#L221-L239" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Local.yar#L221-L239" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "4fdb15663a405f6fc4379aad9a5021040d7063b8bb82403bedb9578d45d428fa" logic_hash = "c3ab6a36c0c2d430d576f7c0cfdc6d1affcd99d007e2d05596677da9bda5a19e" score = 75 @@ -55928,8 +55928,8 @@ rule ELASTIC_Windows_Trojan_Wikiloader_C57F3F88 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_WikiLoader.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_WikiLoader.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "0f71b1805d7feb6830b856c5a5328d3a132af4c37fcd747d82beb0f61c77f6f5" logic_hash = "408c6d811232dbd0c87f75fd28508366151cf9f2f10f012919588db1919e406b" score = 75 
@@ -55957,8 +55957,8 @@ rule ELASTIC_Windows_Trojan_Wikiloader_99681F1C : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_WikiLoader.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_WikiLoader.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "0b02cfe16ac73f2e7dc52eaf3b93279b7d02b3d64d061782dfed0c55ab621a8e" logic_hash = "fb293d74186e778856780377120ac2ebe9550a508a0b33e706c39f93a5509df8" score = 75 @@ -55986,8 +55986,8 @@ rule ELASTIC_Multi_Trojan_Mythic_4Beb7E17 : FILE MEMORY date = "2023-08-01" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Multi_Trojan_Mythic.yar#L1-L28" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Multi_Trojan_Mythic.yar#L1-L28" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "7b3b7bae1763f3c73df206f97065920fa55b973d22c967acb3d26ac8e89e60c7" score = 75 quality = 75 
@@ -56024,8 +56024,8 @@ rule ELASTIC_Linux_Trojan_Sysrv_85097F24 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "17fbc8e10dea69b29093fcf2aa018be4d58fe5462c5a0363a0adde60f448fb26" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Sysrv.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Sysrv.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "96bee8b9b0e9c2afd684582301f9e110fd08fcabaea798bfb6259a4216f69be1" score = 75 quality = 75 @@ -56052,8 +56052,8 @@ rule ELASTIC_Windows_Ransomware_Wannacry_D9855102 : FILE MEMORY date = "2022-08-29" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_WannaCry.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_WannaCry.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "0b7878babbaf7c63d808f3ce32c7306cb785fdfb1ceb73be07fb48fdd091fdfb" logic_hash = "5edf6a42c9f20de3819b46f24be243940b79e7e9004fee3d601794ea0b534cf1" score = 75 
@@ -56088,8 +56088,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_66197D54 : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "7bccf37960e2f197bb0021ecb12872f0f715b674d9774d02ec4e396f18963029" score = 75 @@ -56125,8 +56125,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_E8Ed269C : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L29-L57" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L29-L57" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "c56b6dfb2c3ae657615c825a4d5d5640c2204fa4217262e1ccb4359d5a914a63" score = 75 
@@ -56164,8 +56164,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_413Caa6B : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L59-L87" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L59-L87" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "4f2417d61be5e68630408a151cd73372aef9e7f4638acf4e80bfa5b2811119a7" score = 75 @@ -56203,8 +56203,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_23Fee092 : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L89-L115" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L89-L115" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "ed019c9198b5d9ff8392bfd7e0b23a7b1383eabce4c71c665a3ca4a943c8b6ee" score = 75 
@@ -56240,8 +56240,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_861D3264 : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L117-L145" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L117-L145" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "e6a0a0a24c70d69c0aa56063d2db0f5a0fedcda5b96d945ac14520524b1d00fd" score = 75 @@ -56279,8 +56279,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_57587F8C : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L147-L175" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L147-L175" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "175b8b6f9fca189f2fc41f1029ad512db2c8b0e52ea04bfbc3d410d355928ab9" score = 75 
@@ -56318,8 +56318,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_Cae025B1 : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L177-L203" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L177-L203" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "9c34443cffed43513242321e2170484dbb0d41b251aee8ea640d44da76918122" score = 75 @@ -56355,8 +56355,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_4A9B9603 : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L205-L231" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L205-L231" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "8d78483b54d3be6988b1f5df826b8709b7aa2045ff3a3e754c359365d053bb27" score = 75 
@@ -56392,8 +56392,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_4Db2C852 : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L233-L261" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L233-L261" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "88c88103a055d25ba97f08e2f47881001ad8a2200a33ac04246494963dfe6638" score = 75 @@ -56431,8 +56431,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_Bcedc8B2 : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L263-L291" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L263-L291" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "7f0a6a9168b5ff7cc02ccadd211cc8096307651be65c2b3e7cc9fdbbde08ab9f" score = 75 
@@ -56470,8 +56470,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_B6Bb3E7C : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L293-L321" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L293-L321" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "e2eaf91b9c5d3616fb2f6f6bc4b44841b1efa3b4efe7ac72afe225728523af75" score = 75 @@ -56509,8 +56509,8 @@ rule ELASTIC_Windows_Hacktool_Winpeas_Ng_94474B0B : FILE MEMORY date = "2022-12-21" modified = "2023-02-01" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L323-L351" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_WinPEAS_ng.yar#L323-L351" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f3e1e5b6fd2d548dfe0af8730b15eb7ef40e128a0777855f569b2a99d6101195" logic_hash = "e209c9ce1f4b11c5fdeade3298329d62f5cf561403c87077d94b6921e81ffaea" score = 75 
@@ -56548,8 +56548,8 @@ rule ELASTIC_Linux_Trojan_Pornoasset_927F314F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Pornoasset.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Pornoasset.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "d653598df857535c354ba21d96358d4767d6ada137ee32ce5eb4972363b35f93" logic_hash = "7267375346c1628e04c8272c24bde04a5d6ae2b420f64dfe58657cfc3eecc0e7" score = 75 @@ -56577,8 +56577,8 @@ rule ELASTIC_Windows_Hacktool_Phant0M_2D6F9B57 : FILE MEMORY date = "2024-02-28" modified = "2024-03-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_Phant0m.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_Phant0m.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "30978aadd7d7bc86e735facb5046942792ad1beab6919754e6765e0ccbcf89d6" logic_hash = "a66f8779f77b216f7831617a34c008e4202f36e74f2866c9792cee34b804408d" score = 75 
@@ -56611,8 +56611,8 @@ rule ELASTIC_Windows_Trojan_Parallax_D72Ec0E2 : FILE MEMORY date = "2022-09-05" modified = "2022-09-29" reference = "https://www.elastic.co/security-labs/exploring-the-ref2731-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Parallax.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Parallax.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "6c2c84624912f3b612ae435cf3e8000192a1b168b30205ed4a93b7fab7e336ad" score = 75 quality = 75 @@ -56642,8 +56642,8 @@ rule ELASTIC_Windows_Trojan_Parallax_B4Ea4F1A : FILE MEMORY date = "2022-09-08" modified = "2022-09-29" reference = "https://www.elastic.co/security-labs/exploring-the-ref2731-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Parallax.yar#L24-L55" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Parallax.yar#L24-L55" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "731fe7bd339ec6b0372b4809004a21f53537bd82f084960b8d018f994dcdc06a" score = 75 quality = 42 
@@ -56683,8 +56683,8 @@ rule ELASTIC_Windows_Trojan_Systembc_5E883723 : FILE MEMORY date = "2022-03-22" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_SystemBC.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_SystemBC.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "b432805eb6b2b58dd957481aa8a973be58915c26c04630ce395753c6a5196b14" logic_hash = "fde2e0b5debd4d26838fb245fdf8e5103ab5aab9feff900cbba00c1950adc61a" score = 75 @@ -56717,8 +56717,8 @@ rule ELASTIC_Windows_Trojan_Systembc_C1B58C2F : FILE MEMORY date = "2024-05-02" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_SystemBC.yar#L26-L49" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_SystemBC.yar#L26-L49" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "016fc1db90d9d18fe25ed380606346ef12b886e1db0d80fe58c22da23f6d677d" logic_hash = "16ed14dac0c30500c5e91759b0a1b321f3bd53ae6aab1389a685582eba72c222" score = 75 
@@ -56751,8 +56751,8 @@ rule ELASTIC_Linux_Trojan_Ebury_7B13E9B6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ebury.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ebury.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "30d126ffc5b782236663c23734f1eef21e1cc929d549a37bba8e1e7b41321111" score = 75 quality = 75 @@ -56779,8 +56779,8 @@ rule ELASTIC_Windows_Vulndriver_Mhyprot_26214176 : FILE date = "2022-08-25" modified = "2022-08-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Mhyprot.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Mhyprot.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "509628b6d16d2428031311d7bd2add8d5f5160e9ecc0cd909f1e82bbbb3234d6" logic_hash = "61d1713c689b9d663f2d3360d07735b07ca10365b5ce424b2df726bd6cc434d3" score = 75 
@@ -56811,8 +56811,8 @@ rule ELASTIC_Linux_Cryptominer_Minertr_9901E275 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Minertr.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Minertr.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f77246a93782fd8ee40f12659f41fccc5012a429a8600f332c67a7c2669e4e8f" logic_hash = "a18e0763fe9aec6d89b39cefb872b1751727e2d88ec4733b9c8b443b83219763" score = 75 @@ -56840,8 +56840,8 @@ rule ELASTIC_Macos_Trojan_Fplayer_1C1Fae37 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Fplayer.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Fplayer.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f57e651088dee2236328d09705cef5e98461e97d1eb2150c372d00ca7c685725" logic_hash = "0d65717bdbac694ffb2535a1ff584f7ec2aa7b553a08d29113c6e2bd7b2ff1aa" score = 75 
@@ -56869,8 +56869,8 @@ rule ELASTIC_Windows_Trojan_Sliver_46525B49 : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Sliver.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Sliver.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "ecce5071c28940a1098aca3124b3f82e0630c4453f4f32e1b91576aac357ac9c" logic_hash = "6e61d82b191a740882bcfeac2f2cf337e19ace7b05784ff041b6af2f79ed8809" score = 75 @@ -56899,8 +56899,8 @@ rule ELASTIC_Windows_Trojan_Sliver_C9Cae357 : FILE MEMORY date = "2023-05-10" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Sliver.yar#L22-L40" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Sliver.yar#L22-L40" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "27210d8d6e16c492c2ee61a59d39c461312f5563221ad4a0917d4e93b699418e" logic_hash = "fea862352981787055961b1171de9b69a9c13d246f434809c8f4416d5c49a0ff" score = 75 
@@ -56928,8 +56928,8 @@ rule ELASTIC_Windows_Trojan_Sliver_1Dd6D9C2 : FILE MEMORY date = "2023-05-10" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Sliver.yar#L42-L61" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Sliver.yar#L42-L61" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "dc508a3e9ea093200acfc1ceebebb2b56686f4764fd8c94ab8c58eec7ee85c8b" logic_hash = "5ef70322a6ee3dec609d2881b7624d25bc0297a2e6f43ac60834745e6a258cf3" score = 75 @@ -56958,8 +56958,8 @@ rule ELASTIC_Windows_Trojan_Masslogger_511B001E : FILE MEMORY date = "2022-03-02" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_MassLogger.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_MassLogger.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "177875c756a494872c516000beb6011cec22bd9a73e58ba6b2371dba2ab8c337" logic_hash = "5abac5e32e55467710842e19c25cab5c7f1cdb0f8a68fb6808d54467c69ebdf6" score = 75 
@@ -56992,8 +56992,8 @@ rule ELASTIC_Windows_Exploit_Eternalblue_Ead33Bf8 : FILE date = "2021-01-12" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Exploit_Eternalblue.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Exploit_Eternalblue.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "a1340e418c80be58fb6bbb48d4e363de8c6d62ea59730817d5eda6ba17b2c7a7" logic_hash = "4d0ab8bd7ef5b20e656110ac3c78b08803539387cb4fe1425a284d39c42aa199" score = 75 @@ -57021,8 +57021,8 @@ rule ELASTIC_Windows_Trojan_Latrodectus_841Ff697 : FILE MEMORY date = "2024-03-13" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Latrodectus.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Latrodectus.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "aee22a35cbdac3f16c3ed742c0b1bfe9739a13469cf43b36fb2c63565111028c" logic_hash = "aa1a4813a18b4eb4f07e805ff9c87523ad74f59c0ed538212918335eaeee29d7" score = 75 
@@ -57057,8 +57057,8 @@ rule ELASTIC_Linux_Trojan_Ladvix_Db41F9D2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ladvix.yar#L1-L18" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ladvix.yar#L1-L18" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "81642b4ff1b6488098f019c5e992fc942916bc6eb593006cf91e878ac41509d6" score = 75 quality = 75 @@ -57085,8 +57085,8 @@ rule ELASTIC_Linux_Trojan_Ladvix_77D184Fd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ladvix.yar#L20-L38" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ladvix.yar#L20-L38" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "1bb44b567b3c82f7ee0e08b16f7326d1af57efe77d608a96b2df43aab5faa9f7" logic_hash = "0ae9c41d3eb7964344f71b9708278a0e83776228e4455cf0ad7c08e288305203" score = 75 
@@ -57114,8 +57114,8 @@ rule ELASTIC_Linux_Trojan_Ladvix_C9888Edb : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ladvix.yar#L40-L58" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ladvix.yar#L40-L58" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "1d798e9f15645de89d73e2c9d142189d2eaf81f94ecf247876b0b865be081dca" logic_hash = "608f2340b0ee4b843933d8137aa0908583a6de477e6c472fb4bd2e5bb62dfb80" score = 75 @@ -57143,8 +57143,8 @@ rule ELASTIC_Linux_Trojan_Ladvix_81Fccd74 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "2a183f613fca5ec30dfd82c9abf72ab88a2c57d2dd6f6483375913f81aa1c5af" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ladvix.yar#L60-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ladvix.yar#L60-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "18f7ca953d22f02c1dbf03595a19b66ea582d2c1623f0042dcf15f86556ca41e" score = 75 quality = 75 
@@ -57171,8 +57171,8 @@ rule ELASTIC_Windows_Vulndriver_Winio_C9Cc6D00 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_WinIo.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_WinIo.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "e1980c6592e6d2d92c1a65acad8f1071b6a404097bb6fcce494f3c8ac31385cf" logic_hash = "4b6a78c2c807cf1f569ae9bc275d42d9c895efba7a2d64fec0652e3cb163d553" score = 75 @@ -57200,8 +57200,8 @@ rule ELASTIC_Windows_Vulndriver_Winio_B0F21A70 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_WinIo.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_WinIo.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "9fc29480407e5179aa8ea41682409b4ea33f1a42026277613d6484e5419de374" logic_hash = "c82d95e805898f9a9a1ffccb483e506df0a53dc420068314e7c724e4947f3572" score = 75 
@@ -57229,8 +57229,8 @@ rule ELASTIC_Windows_Vulndriver_Iobitunlocker_Defb90Fd : FILE date = "2023-07-25" modified = "2023-07-25" reference = "https://theevilbit.github.io/posts/iobit_unlocker_lpe/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_IoBitUnlocker.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_IoBitUnlocker.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "0aff83f28d70f425539fee3d6a780210d0406264f8a4eb124e32b074e8ffd556" hash = "5ce1a8eac73ef1d0741f34d9fb2661da322117a63bffe60ccad092da89664c42" logic_hash = "4b0f440c66b7c9a193f0d6675c2a4246036ebc5c0c83856f45ec40a041e9cd07" @@ -57263,8 +57263,8 @@ rule ELASTIC_Windows_Trojan_Bazar_711D59F6 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Bazar.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Bazar.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f29253139dab900b763ef436931213387dc92e860b9d3abb7dcd46040ac28a0e" logic_hash = "3bde62b468c44bdc18878fd369a7f0cf06f7be64149587a11524f725fa875f69" score = 75 
@@ -57292,8 +57292,8 @@ rule ELASTIC_Windows_Trojan_Bazar_9Dddea36 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Bazar.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Bazar.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "63df43daa61f9a0fbea2e5409b8f0063f7af3363b6bc8d6984ce7e90c264727d" logic_hash = "cf88e2e896fce742ad3325d53523167d6eb42188309ed4e66f73601bbb85574e" score = 75 @@ -57321,8 +57321,8 @@ rule ELASTIC_Windows_Trojan_Bazar_3A2Cc53B : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Bazar.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Bazar.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "b057eb94e711995fd5fd6c57aa38a243575521b11b98734359658a7a9829b417" logic_hash = "8cde37be646dbcf7e7f5e3f28f0fe8c95480861c62fa2ee8cdd990859313756c" score = 75 
@@ -57350,8 +57350,8 @@ rule ELASTIC_Windows_Trojan_Bazar_De8D625A : FILE MEMORY date = "2022-01-14" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Bazar.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Bazar.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "1ad9ac4785b82c8bfa355c7343b9afc7b1f163471c41671ea2f9152a1b550f0c" logic_hash = "5fd7bb4ac818ec1b4bfcb7d236868a31b2f726182407c07c7f06c1d7e9c15d02" score = 75 @@ -57379,8 +57379,8 @@ rule ELASTIC_Windows_Generic_Threat_Bc6Ae28D : FILE MEMORY date = "2023-12-01" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "ce00873eb423c0259c18157a07bf7fd9b07333e528a5b9d48be79194310c9d97" logic_hash = "0ca5ec945858a5238eac048520dea4597f706ad2c96be322d341c84c4ddbce33" score = 75 
@@ -57408,8 +57408,8 @@ rule ELASTIC_Windows_Generic_Threat_Ce98C4Bc : FILE MEMORY date = "2023-12-17" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L21-L40" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L21-L40" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "950e8a29f516ef3cf1a81501e97fbbbedb289ad9fb93352edb563f749378da35" logic_hash = "74914f41c03cb2dcb1dc3175cc76574a0d40b66a1a3854af8f50c9858704b66b" score = 75 @@ -57438,8 +57438,8 @@ rule ELASTIC_Windows_Generic_Threat_0Cc1481E : FILE MEMORY date = "2023-12-17" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L42-L60" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L42-L60" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "6ec7781e472a6827c1406a53ed4699407659bd57c33dd4ab51cabfe8ece6f23f" logic_hash = "1a094cf337cb85aa4b7d1d2025571ab0661a7be1fd03d53d8c7370a90385f38c" score = 75 
@@ -57467,8 +57467,8 @@ rule ELASTIC_Windows_Generic_Threat_2507C37C : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L62-L80"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L62-L80"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "04296258f054a958f0fd013b3c6a3435280b28e9a27541463e6fc9afe30363cc"
 logic_hash = "8c5ea1290260993ea5140baa4645f3fd0ebb4d43fce0e9a25f8e8948e683aec1"
 score = 75
@@ -57496,8 +57496,8 @@ rule ELASTIC_Windows_Generic_Threat_E052D248 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L82-L100"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L82-L100"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ed2bbc0d120665044aacb089d8c99d7c946b54d1b08a078aebbb3b91f593da6e"
 logic_hash = "1a16ce6d1c6707560425156e625ad19a82315564b3f03adafbcc3e65b0e98a6d"
 score = 75
@@ -57525,8 +57525,8 @@ rule ELASTIC_Windows_Generic_Threat_2Bb7Fbe3 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L102-L120"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L102-L120"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "65cc8704c0e431589d196eadb0ac8a19151631c8d4ab7375d7cb18f7b763ba7b"
 logic_hash = "36e1ab766e09e8d06b9179f67a1cb842ba257f140610964a941fb462ed3e803c"
 score = 75
@@ -57554,8 +57554,8 @@ rule ELASTIC_Windows_Generic_Threat_994F2330 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L122-L140"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L122-L140"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0a30cb09c480a2659b6f989ac9fe1bfba1802ae3aad98fa5db7cdd146fee3916"
 logic_hash = "ace99deae7f5faa22f273ec4fe45ef07f03acd1ae4d9c0f18687ef6cf5b560c2"
 score = 75
@@ -57583,8 +57583,8 @@ rule ELASTIC_Windows_Generic_Threat_Bf7Aae24 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L142-L160"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L142-L160"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6dfc63894f15fc137e27516f2d2a56514c51f25b41b00583123142cf50645e4e"
 logic_hash = "b6dfa6f4c46bddd643f2f89f6275404c19fd4ed1bbae561029fffa884e99e167"
 score = 75
@@ -57612,8 +57612,8 @@ rule ELASTIC_Windows_Generic_Threat_D542E5A5 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L162-L180"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L162-L180"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3fc4ae7115e0bfa3fc6b75dcff867e7bf9ade9c7f558f31916359d37d001901b"
 logic_hash = "3c16c02d4fc6e019f0ab0ff4daad61f59275afd8fb3ee263b1b59876233a686e"
 score = 75
@@ -57641,8 +57641,8 @@ rule ELASTIC_Windows_Generic_Threat_8D10790B : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L182-L200"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L182-L200"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "911535923a5451c10239e20e7130d371e8ee37172e0f14fc8cf224d41f7f4c0f"
 logic_hash = "84c017abbce1c8702efbe8657e5a857ae222721b0db2260dc814652f4528df26"
 score = 75
@@ -57670,8 +57670,8 @@ rule ELASTIC_Windows_Generic_Threat_347F9F54 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L202-L220"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L202-L220"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "45a051651ce1edddd33ecef09bb0fbb978adec9044e64f786b13ed81cabf6a3f"
 logic_hash = "63df388393a45ffec68ba01ae6d7707b6d5277e0162ded6e631c1f76ad76b711"
 score = 75
@@ -57699,8 +57699,8 @@ rule ELASTIC_Windows_Generic_Threat_20469956 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L222-L240"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L222-L240"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a1f2923f68f5963499a64bfd0affe0a729f5e7bd6bcccfb9bed1d62831a93c47"
 logic_hash = "da351bec0039a32bb9de1d8623ab3dc26eb752d30a64e613de96f70e1b1c2463"
 score = 75
@@ -57728,8 +57728,8 @@ rule ELASTIC_Windows_Generic_Threat_742E8A70 : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L242-L260"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L242-L260"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "94f7678be47651aa457256375f3e4d362ae681a9524388c97dc9ed34ba881090"
 logic_hash = "2925eb8da80ef791b5cf7800a9bf9462203ab6aa743bc69f4fd2343e97eaab7c"
 score = 75
@@ -57757,8 +57757,8 @@ rule ELASTIC_Windows_Generic_Threat_79174B5C : FILE MEMORY
 date = "2023-12-18"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L262-L280"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L262-L280"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c15118230059e85e7a6b65fe1c0ceee8997a3d4e9f1966c8340017a41e0c254c"
 logic_hash = "06a2f0613719f1273a6b3f62f248c22b1cab2fe6054904619e3720f3f6c55e2e"
 score = 75
@@ -57786,8 +57786,8 @@ rule ELASTIC_Windows_Generic_Threat_232B71A9 : FILE MEMORY
 date = "2023-12-20"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L282-L300"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L282-L300"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1e8b34da2d675af96b34041d4e493e34139fc8779f806dbcf62a6c9c4d9980fe"
 logic_hash = "c3bef1509c0d0172dbbc7e0e2b5c69e5ec47dc22365d98a914002b53b0f7d918"
 score = 75
@@ -57815,8 +57815,8 @@ rule ELASTIC_Windows_Generic_Threat_D331D190 : FILE MEMORY
 date = "2023-12-20"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L302-L320"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L302-L320"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6d869d320d977f83aa3f0e7719967c7e54c1bdae9ae3729668d755ee3397a96f"
 logic_hash = "901601c892d709fa596c44df1fbe7772a9f20576c71666570713bf96727a809b"
 score = 75
@@ -57844,8 +57844,8 @@ rule ELASTIC_Windows_Generic_Threat_24191082 : FILE MEMORY
 date = "2023-12-20"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L322-L340"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L322-L340"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4d20878c16d2b401e76d8e7c288cf8ef5aa3c8d4865f440ee6b44d9f3d0cbf33"
 logic_hash = "a5ea76032a9c189f923d91cd03deb44bd61868e5ad6081afe63249156cbd8927"
 score = 75
@@ -57873,8 +57873,8 @@ rule ELASTIC_Windows_Generic_Threat_Efdb9E81 : FILE MEMORY
 date = "2024-01-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L342-L361"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L342-L361"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1c3302b14324c9f4e07829f41cd767ec654db18ff330933c6544c46bd19e89dd"
 logic_hash = "eae78b07f6c31e3a30ae041a27c67553bb8ea915bc7724583d78832475021955"
 score = 75
@@ -57903,8 +57903,8 @@ rule ELASTIC_Windows_Generic_Threat_34622A35 : FILE MEMORY
 date = "2024-01-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L363-L381"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L363-L381"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c021c6adca0ddf38563a13066a652e4d97726175983854674b8dae2f6e59c83f"
 logic_hash = "2b49bd5d3a18307a46f44d9dfeea858ddaa6084f86f96b83b874cee7603e1c11"
 score = 75
@@ -57932,8 +57932,8 @@ rule ELASTIC_Windows_Generic_Threat_0Ff403Df : FILE MEMORY
 date = "2024-01-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L383-L401"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L383-L401"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b3119dc4cea05bef51d1f373b87d69bcff514f6575d4c92da4b1c557f8d8db8f"
 logic_hash = "38bdd9b6f61ab4bb13abc7af94e92151928df95ade061756611218104e7245fd"
 score = 75
@@ -57961,8 +57961,8 @@ rule ELASTIC_Windows_Generic_Threat_B1F6F662 : FILE MEMORY
 date = "2024-01-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L403-L423"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L403-L423"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1b7eaef3cf1bb8021a00df092c829932cccac333990db1c5dac6558a5d906400"
 logic_hash = "e52ff1eaee00334e1a07367bf88f3907bb0b13035717683d9d98371b92bc45c0"
 score = 75
@@ -57992,8 +57992,8 @@ rule ELASTIC_Windows_Generic_Threat_2C80562D : FILE MEMORY
 date = "2024-01-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L425-L445"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L425-L445"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ee8decf1e8e5a927e3a6c10e88093bb4b7708c3fd542d98d43f1a882c6b0198e"
 logic_hash = "07487ae646ac81b94f940c8d3493dbee023bce687297465fe09375f40dff0fb2"
 score = 75
@@ -58023,8 +58023,8 @@ rule ELASTIC_Windows_Generic_Threat_E96F9E97 : FILE MEMORY
 date = "2024-01-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L447-L465"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L447-L465"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "bfbab69e9fc517bc46ae88afd0603a498a4c77409e83466d05db2797234ea7fc"
 logic_hash = "1dcf81b8982425ff74107b899e85e2432f0464554e923f85a7555cda65293b54"
 score = 75
@@ -58052,8 +58052,8 @@ rule ELASTIC_Windows_Generic_Threat_005Fd471 : FILE MEMORY
 date = "2024-01-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L467-L487"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L467-L487"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "502814ed565a923da15626d46fde8cc7fd422790e32b3cad973ed8ec8602b228"
 logic_hash = "10493253a6b2ce3141ee980e0607bdbba72580bb4a076f2f4636e9665ffc6db8"
 score = 75
@@ -58083,8 +58083,8 @@ rule ELASTIC_Windows_Generic_Threat_54B0Ec47 : FILE MEMORY
 date = "2024-01-03"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L489-L508"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L489-L508"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9c14203069ff6003e7f408bed71e75394de7a6c1451266c59c5639360bf5718c"
 logic_hash = "e3d74162a8874fe05042fec98d25b8db50e7f537566fd9f4e40f92bfe868259a"
 score = 75
@@ -58113,8 +58113,8 @@ rule ELASTIC_Windows_Generic_Threat_Acf6222B : FILE MEMORY
 date = "2024-01-03"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L510-L528"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L510-L528"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ce0def96be08193ab96817ce1279e8406746a76cfcf4bf44e394920d7acbcaa6"
 logic_hash = "a284b6c163dbc022bd36f19fbc1d7ff70143bee566328ad23e7b8b79abd39e91"
 score = 75
@@ -58142,8 +58142,8 @@ rule ELASTIC_Windows_Generic_Threat_5E718A0C : FILE MEMORY
 date = "2024-01-03"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L530-L548"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L530-L548"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "430b9369b779208bd3976bd2adc3e63d3f71e5edfea30490e6e93040c1b3bac6"
 logic_hash = "45068afeda7abae0fe922a21f8f768b6c74a6e0f8e9e8b1f68c3ddf92940bf9a"
 score = 75
@@ -58171,8 +58171,8 @@ rule ELASTIC_Windows_Generic_Threat_Fac6D993 : FILE MEMORY
 date = "2024-01-03"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L550-L568"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L550-L568"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f3e7c88e72cf0c1f4cbee588972fc1434065f7cc9bd95d52379bade1b8520278"
 logic_hash = "3486793324dbe43c908432e1956bbbdb870beb4641da46b3786581fd3e78811a"
 score = 75
@@ -58200,8 +58200,8 @@ rule ELASTIC_Windows_Generic_Threat_E7Eaa4Ca : FILE MEMORY
 date = "2024-01-04"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L570-L587"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L570-L587"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "600da0c88dc0606e05f60ecd3b9a90469eef8ac7a702ef800c833f7fd17eb13e"
 score = 75
 quality = 75
@@ -58228,8 +58228,8 @@ rule ELASTIC_Windows_Generic_Threat_97703189 : FILE MEMORY
 date = "2024-01-04"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L589-L607"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L589-L607"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "968ba3112c54f3437b9abb6137f633d919d75137d790af074df40a346891cfb5"
 logic_hash = "318bc82d49e9a3467ec0e0086aaf1092d2aa7c589b5f16ce6fbb3778eda7ef0b"
 score = 75
@@ -58257,8 +58257,8 @@ rule ELASTIC_Windows_Generic_Threat_Ca0686E1 : FILE MEMORY
 date = "2024-01-05"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L609-L627"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L609-L627"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "15c7ce1bc55549efc86dea74a90f42fb4665fe15b14f760037897c772159a5b5"
 logic_hash = "12b2ff66d1be6e2d27f24489b389b5c84660921e8de41653b2b425077cc87669"
 score = 75
@@ -58286,8 +58286,8 @@ rule ELASTIC_Windows_Generic_Threat_97C1A260 : FILE MEMORY
 date = "2024-01-07"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L629-L647"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L629-L647"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2cc85ebb1ef07948b1ddf1a793809b76ee61d78c07b8bf6e702c9b17346a20f1"
 logic_hash = "5bd84cbdd4ba699c9e9d87e684071342b23138538bd83ffea8c524fcee26a59b"
 score = 75
@@ -58315,8 +58315,8 @@ rule ELASTIC_Windows_Generic_Threat_A440F624 : FILE MEMORY
 date = "2024-01-07"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L649-L668"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L649-L668"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3564fec3d47dfafc7e9c662654865aed74aedeac7371af8a77e573ea92cbd072"
 logic_hash = "23c759a0db5698b28a69232077a6b714f71e8eaa069d2f02a7d3efc48b178a2b"
 score = 75
@@ -58345,8 +58345,8 @@ rule ELASTIC_Windows_Generic_Threat_B577C086 : FILE MEMORY
 date = "2024-01-07"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L670-L688"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L670-L688"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "27dd61d4d9997738e63e813f8b8ea9d5cf1291eb02d20d1a2ad75ac8aa99459c"
 logic_hash = "a7684340171415ee01e855706192cdffcccd6c82362707229b2c1d096f87dfa8"
 score = 75
@@ -58374,8 +58374,8 @@ rule ELASTIC_Windows_Generic_Threat_62E1F5Fc : FILE MEMORY
 date = "2024-01-07"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L690-L710"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L690-L710"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4a692e244a389af0339de8c2d429b541d6d763afb0a2b1bb20bee879330f2f42"
 logic_hash = "76e21746ee396f13073b3db1e876246f01cef547d312691dff3dc895ea3a2b82"
 score = 75
@@ -58405,8 +58405,8 @@ rule ELASTIC_Windows_Generic_Threat_55D6A1Ab : FILE MEMORY
 date = "2024-01-07"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L712-L731"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L712-L731"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1ca6ed610479b5aaaf193a2afed8f2ca1e32c0c5550a195d88f689caab60c6fb"
 logic_hash = "4f3a0b2e45ae4e6a00f137798b700a0925fa6eb19ea6b871d7eeb565548888ba"
 score = 75
@@ -58435,8 +58435,8 @@ rule ELASTIC_Windows_Generic_Threat_F7D3Cdfd : FILE MEMORY
 date = "2024-01-07"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L733-L751"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L733-L751"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f9df83d0b0e06884cdb4a02cd2091ee1fadeabb2ea16ca34cbfef4129ede251f"
 logic_hash = "23e1008f222eb94a4bd34372834924377e813dc76efa8544b0dcbe7d3e3addde"
 score = 75
@@ -58464,8 +58464,8 @@ rule ELASTIC_Windows_Generic_Threat_0350Ed31 : FILE MEMORY
 date = "2024-01-07"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L753-L771"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L753-L771"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "008f9352765d1b3360726363e3e179b527a566bc59acecea06bd16eb16b66c5d"
 logic_hash = "149dd26466f47b2e7f514bdcc9822470334490da2898840f35fe6b537ce104f6"
 score = 75
@@ -58493,8 +58493,8 @@ rule ELASTIC_Windows_Generic_Threat_A1Cef0Cd : FILE MEMORY
 date = "2024-01-08"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L773-L791"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L773-L791"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "71f519c6bd598e17e1298d247a4ad37b78685ca6fd423d560d397d34d16b7db8"
 logic_hash = "2772906e3a8a088e7c6ea1370af5e5bbe2cbae4f49de9b939524e317be8ddde4"
 score = 75
@@ -58522,8 +58522,8 @@ rule ELASTIC_Windows_Generic_Threat_E5F4703F : FILE MEMORY date = "2024-01-09" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L793-L811" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L793-L811" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "362bda1fad3fefce7d173617909d3c1a0a8e234e22caf3215ee7c6cef6b2743b" logic_hash = "f81476d5e5a9bcb42b32d6ec3d4b620165f2878c50691ecf59ef6f34b6ad9d1b" score = 75 @@ -58551,8 +58551,8 @@ rule ELASTIC_Windows_Generic_Threat_8B790Aba : FILE MEMORY date = "2024-01-09" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L813-L832" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L813-L832" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "ec98bfff01d384bdff6bbbc5e17620b31fa57c662516157fd476ef587b8d239e" logic_hash = "8a0b2af3d0c95466ca138dfcc3d6f6a702ec92f5cd4f791b1200c79ffd973840" score = 75 
@@ -58581,8 +58581,8 @@ rule ELASTIC_Windows_Generic_Threat_76A7579F : FILE MEMORY date = "2024-01-09" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L834-L852" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L834-L852" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "76c73934bcff7e4ee08b068d1e02b8f5c22161262d127de2b4ac2e81d09d84f6" logic_hash = "08ed2d318e7154195911aaf3705626307b48a54aa195eaa054ec53766d3e198d" score = 75 @@ -58610,8 +58610,8 @@ rule ELASTIC_Windows_Generic_Threat_3F060B9C : FILE MEMORY date = "2024-01-10" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L854-L872" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L854-L872" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "32e7a40b13ddbf9fc73bd12c234336b1ae11e2f39476de99ebacd7bbfd22fba0" logic_hash = "193583f63f22452f96c8372fdc9ef04e2a684f847564a7fe75145ea30d426901" score = 75 
@@ -58639,8 +58639,8 @@ rule ELASTIC_Windows_Generic_Threat_Dbae6542 : FILE MEMORY date = "2024-01-10" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L874-L892" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L874-L892" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "c73f533f96ed894b9ff717da195083a594673e218ee9a269e360353b9c9a0283" logic_hash = "673c6b4e6aaa127d45b21d0283437000fbc507a84ecd7a326448869d63759aee" score = 75 @@ -58668,8 +58668,8 @@ rule ELASTIC_Windows_Generic_Threat_808F680E : FILE MEMORY date = "2024-01-10" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L894-L912" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L894-L912" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "df6955522532e365239b94e9d834ff5eeeb354eec3e3672c48be88725849ac1c" logic_hash = "22d91a87c01b401d4a203fbabb93a9b45fd6d8819125c56d9c427449b06d2f84" score = 75 
@@ -58697,8 +58697,8 @@ rule ELASTIC_Windows_Generic_Threat_073909Cf : FILE MEMORY date = "2024-01-10" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L914-L932" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L914-L932" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "89a6dc518c119b39252889632bd18d9dfdae687f7621310fb14b684d2f85dad8" logic_hash = "5b42a74010549c884ff85a67b9add6b82a8109a953473cc1439581976f8f545e" score = 75 @@ -58726,8 +58726,8 @@ rule ELASTIC_Windows_Generic_Threat_820Fe9C9 : FILE MEMORY date = "2024-01-11" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L934-L952" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L934-L952" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "1102a499b8a863bdbfd978a1d17270990e6b7fe60ce54b9dd17492234aad2f8c" logic_hash = "81a1359bd5781e1eefb6ae06c6b2ad9e94cc6318c1f81f84c06f0b236b6e84d1" score = 75 
@@ -58755,8 +58755,8 @@ rule ELASTIC_Windows_Generic_Threat_89Efd1B4 : FILE MEMORY date = "2024-01-11" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L954-L972" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L954-L972" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "937c8bc3c89bb9c05b2cb859c4bf0f47020917a309bbadca36236434c8cdc8b9" logic_hash = "49a7875fd9c31c5c9b593aed75a28fadb586294422b75c7a8eeba2e8ff254753" score = 75 @@ -58784,8 +58784,8 @@ rule ELASTIC_Windows_Generic_Threat_61315534 : FILE MEMORY date = "2024-01-11" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L974-L992" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L974-L992" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "819447ca71080f083b1061ed6e333bd9ef816abd5b0dd0b5e6a58511ab1ce8b9" logic_hash = "0fdfe3bb6ebdaac4324a45dac8680f00684d0030419f26f3f72ed002bf5a2a34" score = 75 
@@ -58813,8 +58813,8 @@ rule ELASTIC_Windows_Generic_Threat_Eab96Cf2 : FILE MEMORY date = "2024-01-11" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L994-L1012" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L994-L1012" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "2be8a2c524f1fb2acb2af92bc56eb9377c4e16923a06f5ac2373811041ea7982" logic_hash = "cc1dfc2c9c5e1fbc6282342dfbf3a6c834fa56fb6fc46569a24fa78535c5845f" score = 75 @@ -58842,8 +58842,8 @@ rule ELASTIC_Windows_Generic_Threat_11A56097 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1014-L1033" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1014-L1033" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "98d538c8f074d831b7a91e549e78f6549db5d2c53a10dbe82209d15d1c2e9b56" logic_hash = "42f955c079752c787ac70682bc41fa31f3196d30051d7032276a0d4279d59d58" score = 75 
@@ -58872,8 +58872,8 @@ rule ELASTIC_Windows_Generic_Threat_F3Bef434 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1035-L1053" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1035-L1053" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "98d538c8f074d831b7a91e549e78f6549db5d2c53a10dbe82209d15d1c2e9b56" logic_hash = "efba0e1fbe6562a9aeaac23b851c31350e4ac6551e505be4986bddade92ca303" score = 75 @@ -58901,8 +58901,8 @@ rule ELASTIC_Windows_Generic_Threat_C6F131C5 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1055-L1073" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1055-L1073" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "247314baaaa993b8db9de7ef0e2998030f13b99d6fd0e17ffd59e31a8d17747a" logic_hash = "5702a77fee0cd564916abdbfedf76d069bb7a5b6de0c4623150991d52dc02e42" score = 75 
@@ -58930,8 +58930,8 @@ rule ELASTIC_Windows_Generic_Threat_B2A054F8 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1075-L1095" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1075-L1095" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "63d2478a5db820731a48a7ad5a20d7a4deca35c6b865a17de86248bef7a64da7" logic_hash = "f64b1666f78646322a4c37dc887d8fcfdb275b0bca812e360579cefd9e323c02" score = 75 @@ -58961,8 +58961,8 @@ rule ELASTIC_Windows_Generic_Threat_Fcab7E76 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1097-L1115" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1097-L1115" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "67d7e016e401bd5d435eecaa9e8ead341aed2f373a1179069f53b64bda3f1f56" logic_hash = "90f50d1227b8e462eaa393690dc2b25601444bf80f2108445a0413bff6bedae8" score = 75 
@@ -58990,8 +58990,8 @@ rule ELASTIC_Windows_Generic_Threat_90E4F085 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1117-L1137" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1117-L1137" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "1a6a290d98f5957d00756fc55187c78030de7031544a981fd2bb4cfeae732168" logic_hash = "2afeae6de965ae155914dcedbfe375327a9fca3b42733c23360dd4fddfcc8a3d" score = 75 @@ -59021,8 +59021,8 @@ rule ELASTIC_Windows_Generic_Threat_04A9C177 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1139-L1157" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1139-L1157" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "0cccdde4dcc8916fb6399c181722eb0da2775d86146ce3cb3fc7f8cf6cd67c29" logic_hash = "ca7cf71228b1e13ec05c62cd9924ea5089fdf903d8ea4a5151866996ea81e01e" score = 75 
@@ -59050,8 +59050,8 @@ rule ELASTIC_Windows_Generic_Threat_45D1E986 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1159-L1177" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1159-L1177" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "fd159cf2f9bd48b0f6f5958eef8af8feede2bcbbea035a7e56ce1ff72d3f47eb" logic_hash = "d53a4d189b9a49f9b6477e12bce0d41e62827306d1df79e6494ab67669d84f35" score = 75 @@ -59079,8 +59079,8 @@ rule ELASTIC_Windows_Generic_Threat_83C38E63 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1179-L1198" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1179-L1198" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "2121a0e5debcfeedf200d7473030062bc9f5fbd5edfdcd464dfedde272ff1ae7" logic_hash = "89d4036290a29b372918205bba85698d6343109503766cbb13999b5177fc3152" score = 75 
@@ -59109,8 +59109,8 @@ rule ELASTIC_Windows_Generic_Threat_Bd24Be68 : FILE MEMORY date = "2024-01-12" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1200-L1218" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1200-L1218" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "fd159cf2f9bd48b0f6f5958eef8af8feede2bcbbea035a7e56ce1ff72d3f47eb" logic_hash = "8536593696930d03f1e62586886f0df5438d13fb796b4605df7ad67d9633d5f9" score = 75 @@ -59138,8 +59138,8 @@ rule ELASTIC_Windows_Generic_Threat_A0C7B402 : FILE MEMORY date = "2024-01-16" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1220-L1238" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1220-L1238" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "5814d7712304800d92487b8e1108d20ad7b44f48910b1fb0a99e9b36baa4333a" logic_hash = "d0aa75debbefb301b9fc46ceca4944ae8c4b009118214a9589440b59089b853e" score = 75 
@@ -59167,8 +59167,8 @@ rule ELASTIC_Windows_Generic_Threat_42B3E0D7 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1240-L1258" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1240-L1258" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "99ad416b155970fda383a63fe61de2e4d0254e9c9e09564e17938e8e2b49b5b7" logic_hash = "58b4c667b6d796f4525afeb706394f593d03393e3a48e2a0b7664f121e6a78fe" score = 75 @@ -59196,8 +59196,8 @@ rule ELASTIC_Windows_Generic_Threat_66142106 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1260-L1278" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1260-L1278" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "cd164a65fb2a496ad7b54c782f25fbfca0540d46d2c0d6b098d7be516c4ce021" logic_hash = "bf5d8db3ed6d2abc3158b04e904351250bf17a6d766e31769b3c5a6e534165b0" score = 75 
@@ -59225,8 +59225,8 @@ rule ELASTIC_Windows_Generic_Threat_51A1D82B : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1280-L1298" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1280-L1298" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "1a7adde856991fa25fac79048461102fba58cda9492d4f5203b817d767a81018" logic_hash = "2d6b0560e1980deb6aad8e0902d065eeda406506b70bb8bb27c7fa58be9842f8" score = 75 @@ -59254,8 +59254,8 @@ rule ELASTIC_Windows_Generic_Threat_Dee3B4Bf : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1300-L1318" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1300-L1318" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "c7f4b63fa5c7386d6444c0d0428a8fe328446efcef5fda93821f05e86efd2fba" logic_hash = "cfd7f9250ab44ffe12b62f84ae753032642d9aa2524d88a6d4d989a2afa043a3" score = 75 
@@ -59283,8 +59283,8 @@ rule ELASTIC_Windows_Generic_Threat_Fdbcd3F2 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1320-L1338" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1320-L1338" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "9258e4fe077be21ad7ae348868f1ac6226f6e9d404c664025006ab4b64222369" logic_hash = "ca9136ca44a61795cca44ac9bb0494fdc34c08d6578603ba3be3582956f4a98f" score = 75 @@ -59312,8 +59312,8 @@ rule ELASTIC_Windows_Generic_Threat_B7852Ccf : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1340-L1360" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1340-L1360" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "5ac70fa959be4ee37c0c56f0dd04061a5fed78fcbde21b8449fc93e44a8c133a" logic_hash = "4d5c29cceaacfda0c41bcd13cf95e90397b1b6c0c6beeb19b9184f435c8669b9" score = 75 
@@ -59343,8 +59343,8 @@ rule ELASTIC_Windows_Generic_Threat_C3C8F21A : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1362-L1380" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1362-L1380" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "9a102873dd37d08f53dcf6b5dad2555598a954d18fb3090bbf842655c5fded35" logic_hash = "b4d2b28fb2c9d46884b0b34f7821151b88891a8d881885c704e0e192cf7fca70" score = 75 @@ -59372,8 +59372,8 @@ rule ELASTIC_Windows_Generic_Threat_A3D51E0C : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1382-L1400" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1382-L1400" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "18bd25df1025cd04b0642e507b0170bc1a2afba71b2dc4bd5e83cc487860db0d" logic_hash = "f128f6a037abb4af2c11605b182852146780be6451b3062a2914bedb5c286843" score = 75 
@@ -59401,8 +59401,8 @@ rule ELASTIC_Windows_Generic_Threat_54Ccad4D : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1402-L1422" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1402-L1422" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "fe4aad002722d2173dd661b7b34cdb0e3d4d8cd600e4165975c48bf1b135763f" logic_hash = "b9fb525be22dd2f235c3ac68688ced5298da45194ad032423689f5a085df6e31" score = 75 @@ -59432,8 +59432,8 @@ rule ELASTIC_Windows_Generic_Threat_6Ee18020 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1424-L1442" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1424-L1442" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "d58d8f5a7efcb02adac92362d8c608e6d056824641283497b2e1c1f0e2d19b0a" logic_hash = "8a08973ae2ddde275e007686fc6eca831c1fb398b7221d5022da10f90da0e44d" score = 75 
@@ -59461,8 +59461,8 @@ rule ELASTIC_Windows_Generic_Threat_8Eb547Db : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1444-L1462" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1444-L1462" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "3fc821b63dfa653b86b11201073997fa4dc273124d050c2a7c267ac789d8a447" logic_hash = "73cabad0656c6b347def017b07138fdbdd5b41da5ccf7d701fea764669058f39" score = 75 @@ -59490,8 +59490,8 @@ rule ELASTIC_Windows_Generic_Threat_803Feff4 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1464-L1482" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1464-L1482" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "8f150dfb13e4a2ff36231f873e4c0677b5db4aa235d8f0aeb41e02f7e31c1e05" logic_hash = "e22b8b208ff104e2843d897c425467f2f0ec0c586c4db578da90aeaef0209e1d" score = 75 
@@ -59519,8 +59519,8 @@ rule ELASTIC_Windows_Generic_Threat_9C7D2333 : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1484-L1502" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1484-L1502" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "85219f1402c88ab1e69aa99fe4bed75b2ad1918f4e95c448cdc6a4b9d2f9a5d4" logic_hash = "561290ebf3ca2a01914f514d63121be930e7a8c06cfc90ff4b8f0c7cef3408fe" score = 75 @@ -59548,8 +59548,8 @@ rule ELASTIC_Windows_Generic_Threat_747B58Af : FILE MEMORY date = "2024-01-17" modified = "2024-02-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1504-L1524" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1504-L1524" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "ee28e93412c59d63155fd79bc99979a5664c48dcb3c77e121d17fa985fcb0ebe" logic_hash = "fd6b36ca50c1017035474b491f716bfb0d53b181fce4b5478a57a1d1a6ddc3e7" score = 75 
@@ -59579,8 +59579,8 @@ rule ELASTIC_Windows_Generic_Threat_C3C4E847 : FILE MEMORY
 date = "2024-01-17"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1526-L1544"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1526-L1544"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "86b37f0b2d9d7a810b5739776b4104f1ded3a1228c4ec2d104d26d8eb26aa7ba"
 logic_hash = "fa147abf7aa872f409e7684c4c60485fc58f57543062573526e56ff9866f8dfe"
 score = 75
@@ -59608,8 +59608,8 @@ rule ELASTIC_Windows_Generic_Threat_6542Ebda : FILE MEMORY
 date = "2024-01-17"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1546-L1564"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1546-L1564"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2073e51c7db7040c6046e36585873a0addc2bcddeb6e944b46f96c607dd83595"
 logic_hash = "30263341bf51a001503dfda9be5771d401bc5b5423682c29a6d4ebc457415d3e"
 score = 75
@@ -59637,8 +59637,8 @@ rule ELASTIC_Windows_Generic_Threat_1417511B : FILE MEMORY
 date = "2024-01-17"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1566-L1584"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1566-L1584"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2fc9bd91753ff3334ef7f9861dc1ae79cf5915d79fa50f7104cbb3262b7037da"
 logic_hash = "e6b53082fa447ac3cf56784771aca742696922e6f740a24d014e04250dc5020c"
 score = 75
@@ -59666,8 +59666,8 @@ rule ELASTIC_Windows_Generic_Threat_7526F106 : FILE MEMORY
 date = "2024-01-17"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1586-L1605"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1586-L1605"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5a297c446c27a8d851c444b6b32a346a7f9f5b5e783564742d39e90cd583e0f0"
 logic_hash = "a0f9eb760be05196f0c5c3e3bf250929b48341a58a11c24722978fa19c4a9f57"
 score = 75
@@ -59696,8 +59696,8 @@ rule ELASTIC_Windows_Generic_Threat_Cbe3313A : FILE MEMORY
 date = "2024-01-17"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1607-L1625"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1607-L1625"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1ca2a28c851070b9bfe1f7dd655f2ea10ececef49276c998a1d2a1b48f84cef3"
 logic_hash = "41a731cefe0c8ee95f1db598b68a8860ef7ff06137ce94d0dd0b5c60c4240e85"
 score = 75
@@ -59725,8 +59725,8 @@ rule ELASTIC_Windows_Generic_Threat_779Cf969 : FILE MEMORY
 date = "2024-01-17"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1627-L1645"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1627-L1645"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ef281230c248442c804f1930caba48f0ae6cef110665020139f826ab99bbf274"
 logic_hash = "ad0f2d78386abf4c6dc6b5a4a88b4dcf8e5bf8086b08bac91e5e00be9936e908"
 score = 75
@@ -59754,8 +59754,8 @@ rule ELASTIC_Windows_Generic_Threat_D568682A : FILE MEMORY
 date = "2024-01-17"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1647-L1665"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1647-L1665"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0d98bc52259e0625ec2f24078cf4ae3233e5be0ade8f97a80ca590a0f1418582"
 logic_hash = "97e172502037c7a5d66327fcc4a237e5548694fc7d73a535838ad56367f15d76"
 score = 75
@@ -59783,8 +59783,8 @@ rule ELASTIC_Windows_Generic_Threat_Ccb6A7A2 : FILE MEMORY
 date = "2024-01-17"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1667-L1686"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1667-L1686"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "60503212db3f27a4d68bbfc94048ffede04ad37c78a19c4fe428b50f27af7a0d"
 logic_hash = "312265bbc4330a463bbe7478c70233f5df3353bda3c450562f2414f3675ba91e"
 score = 75
@@ -59813,8 +59813,8 @@ rule ELASTIC_Windows_Generic_Threat_D62F1D01 : FILE MEMORY
 date = "2024-01-17"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1688-L1706"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1688-L1706"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "380892397b86f47ec5e6ed1845317bf3fd9c00d01f516cedfe032c0549eef239"
 logic_hash = "fd65eb56f3a48c37f83d3544c039d29c231cac1e2f8f07d176d709432a75a4c3"
 score = 75
@@ -59842,8 +59842,8 @@ rule ELASTIC_Windows_Generic_Threat_2Bb6F41D : FILE MEMORY
 date = "2024-01-17"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1708-L1728"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1708-L1728"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "afa060352346dda4807dffbcac75bf07e8800d87ff72971b65e9805fabef39c0"
 logic_hash = "7c4e62b69880eb8a901d7e94b7539786e8ac58808df07cb1cbe9ff45efce518e"
 score = 75
@@ -59873,8 +59873,8 @@ rule ELASTIC_Windows_Generic_Threat_C54Ed0Ed : FILE MEMORY
 date = "2024-01-21"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1730-L1747"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1730-L1747"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "f0f4878cb003371522ed1419984f15fd5049f1adeb8e051b8b51b31b0d620e96"
 score = 75
 quality = 75
@@ -59901,8 +59901,8 @@ rule ELASTIC_Windows_Generic_Threat_Dbe41439 : FILE MEMORY
 date = "2024-01-21"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1749-L1767"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1749-L1767"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "64afd2bc6cec17402473a29b94325ae2e26989caf5a8b916dc21952149d71b00"
 logic_hash = "288cdc285d024f2b69847e0d49bd4dc1c86a2a6a24a7b4fb248071855ba39a38"
 score = 75
@@ -59930,8 +59930,8 @@ rule ELASTIC_Windows_Generic_Threat_51A52B44 : FILE MEMORY
 date = "2024-01-21"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1769-L1787"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1769-L1787"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "303aafcc660baa803344bed6a3a7a5b150668f88a222c28182db588fc1e744e0"
 logic_hash = "aad1c350f43cf2e0512e085e1a04db6099c568e375423afb9518b1fb89801c21"
 score = 75
@@ -59959,8 +59959,8 @@ rule ELASTIC_Windows_Generic_Threat_5C18A7F9 : FILE MEMORY
 date = "2024-01-21"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1789-L1807"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1789-L1807"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "fd272678098eae8f5ec8428cf25d2f1d8b65566c59e363d42c7ce9ffab90faaa"
 logic_hash = "05cea396567ed3e23907dec4e6e3a6629cd1044d9123cde0575a04b73bae6c20"
 score = 75
@@ -59988,8 +59988,8 @@ rule ELASTIC_Windows_Generic_Threat_Ab01Ba9E : FILE MEMORY
 date = "2024-01-21"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1809-L1829"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1809-L1829"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2b237716d0c0c9877f54b3fa03823068728dfe0710c5b05e9808eab365a1408e"
 logic_hash = "cc8d79950e21270938d2ea7e501c7c8fdbebe92767b48b46bb03c08c377e095b"
 score = 75
@@ -60019,8 +60019,8 @@ rule ELASTIC_Windows_Generic_Threat_917D7645 : FILE MEMORY
 date = "2024-01-21"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1831-L1849"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1831-L1849"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "19b54a20cfa74cbb0f4724155244b52ca854054a205be6d148f826fa008d6c55"
 logic_hash = "65748ff2e4448f305b9541ea9864cc6bda054d37be5ed34110a2f64c8fef30c7"
 score = 75
@@ -60048,8 +60048,8 @@ rule ELASTIC_Windows_Generic_Threat_7A09E97D : FILE MEMORY
 date = "2024-01-21"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1851-L1869"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1851-L1869"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c0c1e333e60547a90ec9d9dac3fc6698b088769bc0f5ec25883b2c4d1fd680a9"
 logic_hash = "b65b2d12901953c137687a7b466c78e0537a2830c37a4cb13dd0eda457bba937"
 score = 75
@@ -60077,8 +60077,8 @@ rule ELASTIC_Windows_Generic_Threat_Dc4Ede3B : FILE MEMORY
 date = "2024-01-21"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1871-L1889"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1871-L1889"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c49f20c5b42c6d813e6364b1fcb68c1b63a2f7def85a3ddfc4e664c4e90f8798"
 logic_hash = "c402d5f16f2be32912d7a054b51ab6dafc6173bb5a267a7846b3ac9df1c4c19f"
 score = 75
@@ -60106,8 +60106,8 @@ rule ELASTIC_Windows_Generic_Threat_Bb480769 : FILE MEMORY
 date = "2024-01-21"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1891-L1909"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1891-L1909"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "010e3aeb26533d418bb7d2fdcfb5ec21b36603b6abb63511be25a37f99635bce"
 logic_hash = "1087e0befceac2606ce5dc5f2b42b45ebad888e7d3e451c3fb89de7e932a31f5"
 score = 75
@@ -60135,8 +60135,8 @@ rule ELASTIC_Windows_Generic_Threat_5Fbf5680 : FILE MEMORY
 date = "2024-01-21"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1911-L1929"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1911-L1929"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1b0553a9873d4cda213f5464b5e98904163e347a49282db679394f70d4571e77"
 logic_hash = "ec5399f6fb29125cb4c096851b9194fa35fb1e5ddd1f4d4f07b155471ae5c619"
 score = 75
@@ -60164,8 +60164,8 @@ rule ELASTIC_Windows_Generic_Threat_Aa30A738 : FILE MEMORY
 date = "2024-01-21"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1931-L1949"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1931-L1949"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7726a691bd6c1ee51a9682e0087403a2c5a798ad172c1402acf2209c34092d18"
 logic_hash = "64967fbc0e74435452752731a8b9385345cc771d27ee33cd018cccdeb26bb75e"
 score = 75
@@ -60193,8 +60193,8 @@ rule ELASTIC_Windows_Generic_Threat_9A8Dc290 : FILE MEMORY
 date = "2024-01-21"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1951-L1969"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1951-L1969"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d951562a841f3706005d7696052d45397e3b4296d4cd96bf187920175fbb1676"
 logic_hash = "0097a13187b953ebe97809dda2be818cfcd94991c03e75f344e34a3d2c4fe902"
 score = 75
@@ -60222,8 +60222,8 @@ rule ELASTIC_Windows_Generic_Threat_Bbf2A354 : FILE MEMORY
 date = "2024-01-22"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1971-L1989"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1971-L1989"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b4e6c748ad88070e39b53a9373946e9e404623326f710814bed439e5ea61fc3e"
 logic_hash = "6be2fae41199daea6b9d0394c9af7713543333a50620ef417bb8439d5a07f336"
 score = 75
@@ -60251,8 +60251,8 @@ rule ELASTIC_Windows_Generic_Threat_Da0F3Cbb : FILE MEMORY
 date = "2024-01-22"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L1991-L2009"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L1991-L2009"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b2c456d0051ffe1ca7e9de1e944692b10ed466eabb38242ea88e663a23157c58"
 logic_hash = "262d0bbb69adde8c4c8645813b048f3aaa2dbcc83996606e7ca21c3edea2b5d8"
 score = 75
@@ -60280,8 +60280,8 @@ rule ELASTIC_Windows_Generic_Threat_7D555B55 : FILE MEMORY
 date = "2024-01-22"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2011-L2029"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2011-L2029"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7efa5c8fd55a20fbc3a270cf2329d4a38f10ca372f3428bee4c42279fbe6f9c3"
 logic_hash = "dc3a3622abbc7d0a02d8d9ed4446d0a72a603ecfd6594ecfa615e5418a9c9970"
 score = 75
@@ -60309,8 +60309,8 @@ rule ELASTIC_Windows_Generic_Threat_0A38C7D0 : FILE MEMORY
 date = "2024-01-22"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2031-L2049"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2031-L2049"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "69ea7d2ea3ed6826ddcefb3c1daa63d8ab53dc6e66c59cf5c2506a8af1c62ef4"
 logic_hash = "e3fde76825772683c57f830759168fc9a3b3f3387f091828fd971e9ebba06d8a"
 score = 75
@@ -60338,8 +60338,8 @@ rule ELASTIC_Windows_Generic_Threat_98527D90 : FILE MEMORY
 date = "2024-01-24"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2051-L2069"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2051-L2069"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "fa24e7c6777e89928afa2a0afb2fab4db854ed3887056b5a76aef42ae38c3c82"
 logic_hash = "5a93f0a372f3a51233c6b2334539017df922f35a0d5f7d1749e0dd79268cb836"
 score = 75
@@ -60367,8 +60367,8 @@ rule ELASTIC_Windows_Generic_Threat_Baba80Fb : FILE MEMORY
 date = "2024-01-24"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2071-L2089"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2071-L2089"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "dd22cb2318d66fa30702368a7f06e445fba4b69daf9c45f8e83562d2c170a073"
 logic_hash = "ba0da35bc00b776ae9b427e3a4b312b1b75bdc9b972fb52f26a5df6737f1ddc9"
 score = 75
@@ -60396,8 +60396,8 @@ rule ELASTIC_Windows_Generic_Threat_9F4A80B2 : FILE MEMORY
 date = "2024-01-24"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2091-L2109"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2091-L2109"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "47d57d00e2de43f33cd56ff653adb59b804e4dbe37304a5fa6a202ee20b50c24"
 logic_hash = "1df3b8245bc0e995443d598feb5fe2605e05df64b863d4f47c17ecbe8d28c3ea"
 score = 75
@@ -60425,8 +60425,8 @@ rule ELASTIC_Windows_Generic_Threat_39E1Eb4C : FILE MEMORY
 date = "2024-01-24"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2111-L2129"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2111-L2129"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a733258bf04ffa058db95c8c908a79650400ebd92600b96dd28ceecac311f94a"
 logic_hash = "d7791ae7513bc5645bcfa93a2d7bf9f7ef47a6727ea2ba5eb85f3c8528761429"
 score = 75
@@ -60454,8 +60454,8 @@ rule ELASTIC_Windows_Generic_Threat_D51Dd31B : FILE MEMORY
 date = "2024-01-24"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2131-L2150"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2131-L2150"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2a61c0305d82b6b4180c3d817c28286ab8ee56de44e171522bd07a60a1d8492d"
 logic_hash = "85fc7aa81489b304c348ead2d7042bb5518ff4579b1d3e837290032c4b144e47"
 score = 75
@@ -60484,8 +60484,8 @@ rule ELASTIC_Windows_Generic_Threat_3A321F0A : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2152-L2170"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2152-L2170"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "91056e8c53dc1e97c7feafab31f0943f150d89a0b0026bcfb3664d2e93ccfe2b"
 logic_hash = "83834dd7d4df5de4b6a032f1896f52c1ebdf16ca8ad9766e8872243f1a6da67e"
 score = 75
@@ -60513,8 +60513,8 @@ rule ELASTIC_Windows_Generic_Threat_A82F45A8 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2172-L2190"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2172-L2190"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ad07428104d3aa7abec2fd86562eaa8600d3e4b0f8d78ba1446f340d10008b53"
 logic_hash = "70ebab6b03af38ef8c81664cf49ab07066a9672666599d99c91291a9d2e3af0b"
 score = 75
@@ -60542,8 +60542,8 @@ rule ELASTIC_Windows_Generic_Threat_D6625Ad7 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2192-L2210"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2192-L2210"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "878c9745320593573597d62c8f3adb3bef0b554cd51b18216f6d9f5d1a32a931"
 logic_hash = "e90aff7c35f60cc3446f9eeb2131edb7125bfa04eb8f90c5671d06e9ff269755"
 score = 75
@@ -60571,8 +60571,8 @@ rule ELASTIC_Windows_Generic_Threat_61Bbb571 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2212-L2230"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2212-L2230"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "41e2a6cecb1735e8f09b1ba5dccff3c08afe395b6214396e545347927d1815a8"
 logic_hash = "6b1ec666f3689638b9db9f041b0a89660b27c32590b747c5da3f4a02f01c7112"
 score = 75
@@ -60600,8 +60600,8 @@ rule ELASTIC_Windows_Generic_Threat_4A605E93 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2232-L2250"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2232-L2250"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1a84e25505a54e8e308714b53123396df74df1bde223bb306c0dc6220c1f0bbb"
 logic_hash = "6ad7afa5bd03916917e2bbf4d736331f4319b20bfde296d7e62315584813699f"
 score = 75
@@ -60629,8 +60629,8 @@ rule ELASTIC_Windows_Generic_Threat_B509Dfc8 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2252-L2270"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2252-L2270"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9b5124e5e1be30d3f2ad1020bbdb93e2ceeada4c4d36f71b2abbd728bd5292b8"
 logic_hash = "90b00caf612f56a898b24c28ae6febda3fd11f382ab1deba522bdd2e2ba254b4"
 score = 75
@@ -60658,8 +60658,8 @@ rule ELASTIC_Windows_Generic_Threat_7A49053E : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2272-L2292"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2272-L2292"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "29fb2b18cfd72a2966640ff59e67c89f93f83fc17afad2dfcacf9f53e9ea3446"
 logic_hash = "6db95f20a2bcdfd7cb37cb33dae6351dd19f51a8c3cae54b1bb034af17378094"
 score = 75
@@ -60689,8 +60689,8 @@ rule ELASTIC_Windows_Generic_Threat_Fca7F863 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2294-L2312"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2294-L2312"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9d0e786dd8f1dc05eae910c6bcf15b5d05b4b6b0543618ca0c2ff3c4bb657af3"
 logic_hash = "ad45fe6e8257d012824b36aaee1beccb82c1b78031de86c1f1dd26d5be88aa6f"
 score = 75
@@ -60718,8 +60718,8 @@ rule ELASTIC_Windows_Generic_Threat_Cafbd6A3 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2314-L2333"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2314-L2333"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "97081a51aa016d0e6c9ecadc09ff858bf43364265a006db9d7cc133f8429bc46"
 logic_hash = "28813fc8a49b6ec3fe7675409fde923f0f30851429a526c142e0a228b4e0efa6"
 score = 75
@@ -60748,8 +60748,8 @@ rule ELASTIC_Windows_Generic_Threat_D8F834A9 : FILE MEMORY
 date = "2024-01-29"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2335-L2353"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2335-L2353"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c118c2064a5839ebd57a67a7be731fffe89669a8f17c1fe678432d4ff85e7929"
 logic_hash = "9fa1a65f3290867e4c59f14242f7261741e792b8be48c053ac320a315f2c1beb"
 score = 75
@@ -60777,8 +60777,8 @@ rule ELASTIC_Windows_Generic_Threat_De3F91C6 : FILE MEMORY
 date = "2024-01-31"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2355-L2373"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2355-L2373"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e2cd4a8ccbf4a3a93c1387c66d94e9506b5981357004929ce5a41fcedfffb20f"
 logic_hash = "032ac2adb11782d823f50bfedf4e4decb731dbe7d3abbb3b05ccff598ba7edb8"
 score = 75
@@ -60806,8 +60806,8 @@ rule ELASTIC_Windows_Generic_Threat_F0516E98 : FILE MEMORY
 date = "2024-01-31"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2375-L2394"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2375-L2394"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "21d01bd53f43aa54f22786d7776c7bc90320ec6f7a6501b168790be46ff69632"
 logic_hash = "28f5b1a05d90745f432aee6bb9da3855d70b18d556153059794c5e53bbd5117c"
 score = 75
@@ -60836,8 +60836,8 @@ rule ELASTIC_Windows_Generic_Threat_3C4D9Cbe : FILE MEMORY
 date = "2024-01-31"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2396-L2414"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2396-L2414"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "21d01bd53f43aa54f22786d7776c7bc90320ec6f7a6501b168790be46ff69632"
 logic_hash = "b32f9a3b86c60d4d69c59250ac59e93aee70ede890b059b13be999adbe043d2c"
 score = 75
@@ -60865,8 +60865,8 @@ rule ELASTIC_Windows_Generic_Threat_Deb82E8C : FILE MEMORY
 date = "2024-01-31"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2416-L2435"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2416-L2435"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0f5791588a9898a3db29326785d31b52b524c3097370f6aa28564473d353cd38"
 logic_hash = "c24baecab39c72f6bb30713022297cb9fb41ef5339a353702f3f780a630d5b27"
 score = 75
@@ -60895,8 +60895,8 @@ rule ELASTIC_Windows_Generic_Threat_278C589E : FILE MEMORY
 date = "2024-01-31"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2437-L2455"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2437-L2455"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "cccc6c1bf15a7d5725981de950475e272c277bc3b9d266c5debf0fc698770355"
 logic_hash = "59bbbecd73541750f7221b12895ccf51e1a6863ceca62e23f541df904ad23587"
 score = 75
@@ -60924,8 +60924,8 @@ rule ELASTIC_Windows_Generic_Threat_6B621667 : FILE MEMORY
 date = "2024-01-31"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2457-L2475"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2457-L2475"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b50b39e460ecd7633a42f0856359088de20512c932fc35af6531ff48c9fa638a"
 logic_hash = "3574b7ef24c4387a9919ed9831af7657047b26d8922ab78788619bbd3d0edd56"
 score = 75
@@ -60953,8 +60953,8 @@ rule ELASTIC_Windows_Generic_Threat_C374Cd85 : FILE MEMORY
 date = "2024-01-31"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2477-L2495"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2477-L2495"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1c677585a8b724332849c411ffe2563b2b753fd6699c210f0720352f52a6ab72"
 logic_hash = "8e183f780400f3bf9840798d53b431a4bf28bc43e07d69a3d614217e02f5dd79"
 score = 75
@@ -60982,8 +60982,8 @@ rule ELASTIC_Windows_Generic_Threat_7693D7Fd : FILE MEMORY
 date = "2024-02-13"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2497-L2515"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2497-L2515"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "fc40cc5d0bd3722126302f74ace414e6934eca3a8a5c63a11feada2130b34b89"
 logic_hash = "886ad084f33faf8baae8a650a88095757c2cff9e18c8f5c50ff36120b43ec082"
 score = 75
@@ -61011,8 +61011,8 @@ rule ELASTIC_Windows_Generic_Threat_Df5De012 : FILE MEMORY
 date = "2024-02-14"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2517-L2535"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2517-L2535"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "13c06d7b030a46c6bb6351f40184af9fafaf4c67b6a2627a45925dd17501d659"
 logic_hash = "1a1ce3644c33a4591ab6582525366d47e07bdc2350aa6066ec5b5fedc605b037"
 score = 75
@@ -61040,8 +61040,8 @@ rule ELASTIC_Windows_Generic_Threat_0E8530F5 : FILE MEMORY
 date = "2024-02-14"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2537-L2556"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2537-L2556"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9f44d9acf79ed4450195223a9da185c0b0e8a8ea661d365a3ddea38f2732e2b8"
 logic_hash = "f4a010366625c059151d3e704f6ece1808f367401729feaf6cc423cf4d5c5c60"
 score = 75
@@ -61070,8 +61070,8 @@ rule ELASTIC_Windows_Generic_Threat_Ba807E3E : FILE MEMORY
 date = "2024-02-14"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2558-L2576"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2558-L2576"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "cabd0633b37e6465ece334195ff4cc5c3f44cfe46211165efc07f4073aed1049"
 logic_hash = "896eedb949eec6dff3e867ae3179b741382dd25ba06c6db452ac1ae5bc6bc757"
 score = 75
@@ -61099,8 +61099,8 @@ rule ELASTIC_Windows_Generic_Threat_4578Ee8C : FILE MEMORY
 date = "2024-02-14"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2578-L2596"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2578-L2596"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "699fecdb0bf27994d67492dc480f4ba1320acdd75e5881afbc5f73c982453fed"
 logic_hash = "1a519bb84aae29057536ea09e53ff97cfe34a70c84ac6fa7d1ec173de3754f03"
 score = 75
@@ -61128,8 +61128,8 @@ rule ELASTIC_Windows_Generic_Threat_Ebf62328 : FILE MEMORY
 date = "2024-02-14"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2598-L2618"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2598-L2618"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "dfce19aa2e1a3e983c3bfb2e4bbd7617b96d57602d7a6da6fee7b282e354c9e1"
 logic_hash = "e99b56dde761c5efad14f935befa4d1dbb31cd305b5d6af05a90d44dc3cd0098"
 score = 75
@@ -61159,8 +61159,8 @@ rule ELASTIC_Windows_Generic_Threat_Dcc622A4 : FILE MEMORY
 date = "2024-02-14"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2620-L2638"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2620-L2638"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "94a3f10396c07783586070119becf0924de9a7caf449d6e07065837d54e6222d"
 logic_hash = "9254226918f39389ccc347de1c5064552a8500ccef1884b8e27b6e98c651f45b"
 score = 75
@@ -61188,8 +61188,8 @@ rule ELASTIC_Windows_Generic_Threat_046Aa1Ec : FILE MEMORY
 date = "2024-02-20"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2640-L2658"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2640-L2658"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c74cf499fb9298d43a6e64930addb1f8a8d8336c796b9bc02ffc260684ec60a2"
 logic_hash = "da6552da3db4851806f5a0ce3c324a79acf4ee4b2690cb02cc8d8c88a2ba28f8"
 score = 75
@@ -61217,8 +61217,8 @@ rule ELASTIC_Windows_Generic_Threat_85C73807 : FILE MEMORY
 date = "2024-02-20"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2660-L2678"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2660-L2678"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7f560a22c1f7511518656ac30350229f7a6847d26e1b3857e283f7dcee2604a0"
 logic_hash = "90aa64f17b91ccdf367e1976cd1f5e89e15c7369a58b2d19187143e70939d756"
 score = 75
@@ -61246,8 +61246,8 @@ rule ELASTIC_Windows_Generic_Threat_642Df623 : FILE MEMORY
 date = "2024-02-20"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2680-L2698"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2680-L2698"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e5ba85d1a6a54df38b5fa655703c3457783f4a4f71e178f83d8aac878d4847da"
 logic_hash = "555eb66f117312fa4ff3a49c0c40f89caddec3eb4b93d11bda2cce40529d46a0"
 score = 75
@@ -61275,8 +61275,8 @@ rule ELASTIC_Windows_Generic_Threat_27A2994F : FILE MEMORY
 date = "2024-02-20"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2700-L2718"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2700-L2718"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e534914e06d90e119ce87f5abb446c57ec3473a29a7a9e7dc066fdc00dc68adc"
 logic_hash = "66f34ba3052e2369528aeaf076f10d58f8f3dca420666246e02191fecb057f8c"
 score = 75
@@ -61304,8 +61304,8 @@ rule ELASTIC_Windows_Generic_Threat_Dbceec58 : FILE MEMORY
 date = "2024-02-20"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2720-L2738"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2720-L2738"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "fbec30528e6f261aebf0d41f3cd6d35fcc937f1e20e1070f99b1b327f02b91e0"
 logic_hash = "2a99fb7b342b43e3a4f0136d7d618625ca5708ae32e6fcabb11420bd8c89915b"
 score = 75
@@ -61333,8 +61333,8 @@ rule ELASTIC_Windows_Generic_Threat_7407Eb79 : FILE MEMORY
 date = "2024-02-20"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2740-L2758"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2740-L2758"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9ae0f053c8e2c4f4381eac8265170b79301d4a22ec1fdb86e5eb212c51a75d14"
 logic_hash = "a60c3e54493f9dab71584ba301c41c43f30d554df8c0b05674995faaf407ee48"
 score = 75
@@ -61362,8 +61362,8 @@ rule ELASTIC_Windows_Generic_Threat_3613Fa12 : FILE MEMORY
 date = "2024-02-20"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2760-L2778"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2760-L2778"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1403ec99f262c964e3de133a10815e34d2f104b113b0197ab43c6b7b40b536c0"
 logic_hash = "77b23aaf384de138214e64342e170f3dce667ee41c3063c999286da9af6fff42"
 score = 75
@@ -61391,8 +61391,8 @@ rule ELASTIC_Windows_Generic_Threat_B125Fff2 : FILE MEMORY
 date = "2024-02-20"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2780-L2798"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2780-L2798"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9c641c0c8c2fd8831ee4e3b29a2a65f070b54775e64821c50b8ccd387e602097"
 logic_hash = "054f3f36c688e1f5c3116e7a926df12df90f79dc1d42bee2616b5251f6ad2c24"
 score = 75
@@ -61420,8 +61420,8 @@ rule ELASTIC_Windows_Generic_Threat_D7E5Ec2D : FILE MEMORY
 date = "2024-02-20"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2800-L2818"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2800-L2818"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "fe711664a565566cbc710d5e678a9a30063a2db151ebec226e2abcd24c0a7e68"
 logic_hash = "4edb8cc1da81e0b9b3a8facc9a9a7d1e27dff0d2db7851d06a209beec3ccb463"
 score = 75
@@ -61449,8 +61449,8 @@ rule ELASTIC_Windows_Generic_Threat_1636C2Bf : FILE MEMORY
 date = "2024-03-04"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2820-L2838"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2820-L2838"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6e43916db43d8217214bbe4eb32ed3d82d0ac423cffc91d053a317a3dbe6dafb"
 logic_hash = "c8b198cd5f9277ff3808ee2a313ab979d544b9e609d6623876d2e3c3c5668e38"
 score = 75
@@ -61478,8 +61478,8 @@ rule ELASTIC_Windows_Generic_Threat_0A640296 : FILE MEMORY
 date = "2024-03-04"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2840-L2858"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2840-L2858"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3682eff62caaf2c90adef447d3ff48a3f9c34c571046f379d2eaf121976f1d07"
 logic_hash = "743c47c7a58e7d65261818b4b444aaf8015b9b55d3e54526b1d63a8770a6c5aa"
 score = 75
@@ -61507,8 +61507,8 @@ rule ELASTIC_Windows_Generic_Threat_B1Ef4828 : FILE MEMORY
 date = "2024-03-04"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2860-L2879"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2860-L2879"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "29b20ff8ebad05e4a33c925251d08824ca155f5d9fa72d6f9e359e6ec6c61279"
 logic_hash = "d5d63f38308c6f8e5ca54567c7c8b93fcde69601fbcc28d56d5231edd28163cf"
 score = 75
@@ -61537,8 +61537,8 @@ rule ELASTIC_Windows_Generic_Threat_48Cbdc20 : FILE MEMORY
 date = "2024-03-04"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2881-L2900"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2881-L2900"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7a7704c64e64d3a1f76fc718d5b5a5e3d46beeeb62f0493f22e50865ddf66594"
 logic_hash = "687d0f3dc85a7e4b23019deec59ee77c211101d40ed6622a952e69ebc4151483"
 score = 75
@@ -61567,8 +61567,8 @@ rule ELASTIC_Windows_Generic_Threat_420E1Cdc : FILE MEMORY
 date = "2024-03-04"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2902-L2920"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2902-L2920"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b20254e03f7f1e79fec51d614ee0cfe0cb87432f3a53cf98cf8c047c13e2d774"
 logic_hash = "6bd8a7bd4392e04d64f2e0b93d80978f59f9af634a0c971ca61cb9cb593743e0"
 score = 75
@@ -61596,8 +61596,8 @@ rule ELASTIC_Windows_Generic_Threat_4C37E16E : FILE MEMORY
 date = "2024-03-04"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2922-L2941"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2922-L2941"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d83a8ed5e192b3fe9d74f3a9966fa094d23676c7e6586c9240d97c252b8e4e74"
 logic_hash = "dabac8aa6a3f4d4bd726161fc6573ca9de4088e7d818c3cf33cafc91f680e7aa"
 score = 75
@@ -61626,8 +61626,8 @@ rule ELASTIC_Windows_Generic_Threat_5Be3A474 : FILE MEMORY
 date = "2024-03-04"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2943-L2961"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2943-L2961"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b902954d634307260d5bd8fb6248271f933c1cbc649aa2073bf05e79c1aedb66"
 logic_hash = "0f0f46e3bdebb47a4f43ccb64d65ab1e15d68d38c117cb25e5723ec16e7e0758"
 score = 75
@@ -61655,8 +61655,8 @@ rule ELASTIC_Windows_Generic_Threat_B191061E : FILE MEMORY
 date = "2024-03-04"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2963-L2981"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2963-L2981"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "bd4ef6fae7f29def8e5894bf05057653248f009422de85c1e425d04a0b2df258"
 logic_hash = "cbee10eab984249ceb9f8a82dc06aa014d6a249321f3d4f0d1e5657aab205ec8"
 score = 75
@@ -61684,8 +61684,8 @@ rule ELASTIC_Windows_Generic_Threat_05F52E4D : FILE MEMORY
 date = "2024-03-04"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L2983-L3001"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L2983-L3001"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e578b795f8ed77c1057d8e6b827f7426fd4881f02949bfc83bcad11fa7eb2403"
 logic_hash = "79898b59b6d3564aad85d823a1450600faff5b1d2dbfbe0cee4cc59971e4f542"
 score = 75
@@ -61713,8 +61713,8 @@ rule ELASTIC_Windows_Generic_Threat_C34E19E9 : FILE MEMORY
 date = "2024-03-04"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3003-L3021"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3003-L3021"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f9048348a59d9f824b45b16b1fdba9bfeda513aa9fbe671442f84b81679232db"
 logic_hash = "87999b6f2cf359b6436ee7e57691ac73fc41f3947bf8fef3f6b98148e17f180d"
 score = 75
@@ -61742,8 +61742,8 @@ rule ELASTIC_Windows_Generic_Threat_E691Eaa1 : FILE MEMORY
 date = "2024-03-04"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3023-L3041"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3023-L3041"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "afa5f36860e69b9134b93e9ad32fed0a5923772e701437e1054ea98e76f28a77"
 logic_hash = "0ac310e3f7cf99b77c2dcfea582752e2f1414caf43965c25d2f3f03cf27586cc"
 score = 75
@@ -61771,8 +61771,8 @@ rule ELASTIC_Windows_Generic_Threat_5E33Bb4B : FILE MEMORY
 date = "2024-03-04"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3043-L3061"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3043-L3061"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "13c06d7b030a46c6bb6351f40184af9fafaf4c67b6a2627a45925dd17501d659"
 logic_hash = "7e2002c3917ccab7d9f56a7aa20ea75be71aa7fdc64b7c3f87edb68be38e74b2"
 score = 75
@@ -61800,8 +61800,8 @@ rule ELASTIC_Windows_Generic_Threat_Be64Ba10 : FILE MEMORY
 date = "2024-03-04"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3063-L3082"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3063-L3082"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "24bb4fc117aa57fd170e878263973a392d094c94d3a5f651fad7528d5d73b58a"
 logic_hash = "c6acce53610baf119a0e2d55fc698a976463bbd21b739d4ac39a75383fa5fed2"
 score = 75
@@ -61830,8 +61830,8 @@ rule ELASTIC_Windows_Generic_Threat_7Bb75582 : FILE MEMORY
 date = "2024-03-04"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3084-L3102"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3084-L3102"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "35f9698e9b9f611b3dd92466f18f97f4a8b4506ed6f10d4ac84303177f43522d"
 logic_hash = "d959f755d28782b332248085034950a8d4cad3cde13b22254c90ca3952919e1b"
 score = 75
@@ -61859,8 +61859,8 @@ rule ELASTIC_Windows_Generic_Threat_59698796 : FILE MEMORY
 date = "2024-03-04"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3104-L3122"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3104-L3122"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "35f9698e9b9f611b3dd92466f18f97f4a8b4506ed6f10d4ac84303177f43522d"
 logic_hash = "59569049dbb09b7e15110fb8de1a146eb7fd606f116b4dd6c75ca973fb62296e"
 score = 75
@@ -61888,8 +61888,8 @@ rule ELASTIC_Windows_Generic_Threat_2Ae9B09E : FILE MEMORY
 date = "2024-03-05"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3124-L3142"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3124-L3142"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "dc8f4784c368676cd411b7d618407c416d9e56d116dd3cd17c3f750e6cb60c40"
 logic_hash = "183249214e5f8143eb91caf20778b870d17d7a52b6d71ad603827e8716e7e447"
 score = 75
@@ -61917,8 +61917,8 @@ rule ELASTIC_Windows_Generic_Threat_604A8763 : FILE MEMORY
 date = "2024-03-05"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3144-L3162"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3144-L3162"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2a51fb11032ec011448184a4f2837d05638a7673d16dcf5dcf4005de3f87883a"
 logic_hash = "cf88c0d102680fc7c16d49b6e8dc49c16b27d5940edf078e667a45e70ebe3883"
 score = 75
@@ -61946,8 +61946,8 @@ rule ELASTIC_Windows_Generic_Threat_F45B3F09 : FILE MEMORY
 date = "2024-03-05"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3164-L3182"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3164-L3182"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "577f1dbd76030c7e44ed28c748551691d446e268189af94e1fa1545f06395178"
 logic_hash = "9b01ad1271cc5052a793e5a885aa7289cbaea4a928f60d64194477c3036496ed"
 score = 75
@@ -61975,8 +61975,8 @@ rule ELASTIC_Windows_Generic_Threat_3F390999 : FILE MEMORY
 date = "2024-03-05"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3184-L3202"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3184-L3202"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1b6fc4eaef3515058f85551e7e5dffb68b9a0550cd7f9ebcbac158dac9ababf1"
 logic_hash = "462a7a38ebbb39515ac2c0a10353660d0cadcfb99360adcd200edc1db5a716ba"
 score = 75
@@ -62004,8 +62004,8 @@ rule ELASTIC_Windows_Generic_Threat_Abd1C09D : FILE MEMORY
 date = "2024-03-05"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3204-L3222"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3204-L3222"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3ff09d2352c2163465d8c86f94baa25ba85c35698a5e3fbc52bc95afc06b7e85"
 logic_hash = "80e6f317e5cd91cb3819e9251efc8c96218071bec577a38c8784826dd4a657cb"
 score = 75
@@ -62033,8 +62033,8 @@ rule ELASTIC_Windows_Generic_Threat_B7870213 : FILE MEMORY
 date = "2024-03-05"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3224-L3242"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3224-L3242"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "04cb0d5eecea673acc575e54439398cc00e78cc54d8f43c4b9bc353e4fc4430d"
 logic_hash = "79b8385543def42259cd9c09d4d7059ff6bb02a9e87cff1bc0a8861e3b333c5f"
 score = 75
@@ -62062,8 +62062,8 @@ rule ELASTIC_Windows_Generic_Threat_2Bba6Bae : FILE MEMORY
 date = "2024-03-05"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3244-L3262"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3244-L3262"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d9955c716371422750b77d64256dade6fbd028c8d965db05c0d889d953480373"
 logic_hash = "59e4b173c21b0ab161adf8d89f253f21403bca706b6bf40b3da00697f87dd509"
 score = 75
@@ -62082,35 +62082,6 @@ rule ELASTIC_Windows_Generic_Threat_2Bba6Bae : FILE MEMORY
 condition:
 all of them
 }
-rule ELASTIC_Windows_Generic_Threat_5D3F297C : FILE MEMORY
-{
- meta:
- description = "Detects Windows Generic Threat (Windows.Generic.Threat)"
- author = "Elastic Security"
- id = "5d3f297c-b812-401a-8671-2e00369cd6f2"
- date = "2024-03-05"
- modified = "2024-06-12"
- reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3264-L3282"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
- hash = "885c8cd8f7ad93f0fd43ba4fb7f14d94dfdee3d223715da34a6e2fbb4d25b9f4"
- logic_hash = "556d3bc9374a5ec23faa410900dfc94b5534434c9733165355d281976444a42b"
- score = 75
- quality = 75
- tags = "FILE, MEMORY"
- fingerprint = "ff90bfcb28bb3164fb11da5f35f289af679805f7e4047e48d97ae89e5b820dcd"
- severity = 50
- arch_context = "x86"
- scan_context = "file, memory"
- license = "Elastic License v2"
- os = "windows"
-
- strings:
- $a1 = { 83 EC 08 C7 45 F8 00 00 00 00 83 7D 08 00 74 4A 83 7D 0C 00 74 44 8B 45 0C 83 C0 01 50 6A 40 ?? ?? ?? ?? ?? ?? 89 45 F8 83 7D F8 00 74 2C C7 45 FC 00 00 00 00 EB 09 8B 4D FC 83 C1 01 }
-
- condition:
- all of them
-}
 rule ELASTIC_Windows_Generic_Threat_4Db75701 : FILE MEMORY
 {
 meta:
@@ -62120,8 +62091,8 @@ rule ELASTIC_Windows_Generic_Threat_4Db75701 : FILE MEMORY
 date = "2024-03-05"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3284-L3302"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3264-L3282"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "fa7847d21d5a350cf96d7ecbcf13dce63e6a0937971cfb479700c5b31850bba9"
 logic_hash = "65f7d15ed551e069b30ce6c0a5f15d01d24b8b29727950269c9956fcf6dc799d"
 score = 75
@@ -62149,8 +62120,8 @@ rule ELASTIC_Windows_Generic_Threat_54A914C9 : FILE MEMORY
 date = "2024-03-25"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3304-L3322"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3284-L3302"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c418c5ad8030985bb5067cda61caba3b7a0d24cb8d3f93fc09d452fbdf4174ec"
 logic_hash = "0cc3797564b4c722423f915493e07b0e0fec3085e7a535f9914f82d73c797bed"
 score = 75
@@ -62178,8 +62149,8 @@ rule ELASTIC_Windows_Generic_Threat_38A88967 : FILE MEMORY
 date = "2024-03-25"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3324-L3342"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3304-L3322"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6e425eb1a27c4337f05d12992e33fe0047e30259380002797639d51ef9509739"
 logic_hash = "ddbdb1c39a07141d83173504214c889aff75487570d906413ebc6f262fedf9ae"
 score = 75
@@ -62207,8 +62178,8 @@ rule ELASTIC_Windows_Generic_Threat_E8Abb835 : FILE MEMORY
 date = "2024-03-26"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3344-L3362"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3324-L3342"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e42262671325bec300afa722cefb584e477c3f2782c8d4c6402d6863df348cac"
 logic_hash = "0ad56b8c741a79a600a0d5588c4e8760a6d19fef72ff7814a00cfb84a90f23aa"
 score = 75
@@ -62236,8 +62207,8 @@ rule ELASTIC_Windows_Generic_Threat_492D7223 : FILE MEMORY
 date = "2024-03-26"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3364-L3382"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3344-L3362"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c0d9c9297836aceb4400bcb0877d1df90ca387f18f735de195852a909c67b7ef"
 logic_hash = "9fb2a00def86ed8476d906514a0bc630e28093ac37d757541d8801d2c8e0efc3"
 score = 75
@@ -62265,8 +62236,8 @@ rule ELASTIC_Windows_Generic_Threat_Ea296356 : FILE MEMORY
 date = "2024-05-22"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3384-L3402"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3364-L3382"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4c48a0fe90f3da7bfdd32961da7771a0124b77e1ac1910168020babe8143e959"
 logic_hash = "73ffd16f0047cd57311853aa9083fc21427f2eb21646c6edc7b8def86da90f90"
 score = 75
@@ -62294,8 +62265,8 @@ rule ELASTIC_Windows_Generic_Threat_Aeaeb5Cf : FILE MEMORY
 date = "2024-05-22"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3404-L3422"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3384-L3402"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f57d955d485904f0c729acff9db1de9cb42f32af993393d58538f07fa273b431"
 logic_hash = "640966296bad70234e0fe7b6f87b92fcf4fc111189d307d44f32e926785f76cb"
 score = 75
@@ -62323,8 +62294,8 @@ rule ELASTIC_Windows_Generic_Threat_C8424507 : FILE MEMORY
 date = "2024-05-22"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3424-L3443"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3404-L3423"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d556b02733385b823cfe4db7e562e90aa520e2e6fb00fceb76cc0a6a1ff47692"
 logic_hash = "78d56257cb6e1d67f9343ee30b844fe20138e27ca3b6312a07112e5dbb797851"
 score = 75
@@ -62353,8 +62324,8 @@ rule ELASTIC_Windows_Generic_Threat_9Af87Ddb : FILE MEMORY
 date = "2024-05-23"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3445-L3463"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3425-L3443"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b1fbc11744e21dc08599412887a3a966572614ce25ccd3c8c98f04bcbdda3898"
 logic_hash = "99174c5740324d7704a5c6ae924254f9b5f241c97901dfdb771fc176a76e4a30"
 score = 75
@@ -62382,8 +62353,8 @@ rule ELASTIC_Windows_Generic_Threat_D7B57912 : FILE MEMORY
 date = "2024-05-23"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3465-L3483"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3445-L3463"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0906599be152dd598c7f540498c44cc38efe9ea976731da05137ee6520288fe4"
 logic_hash = "a774e3030d81e29805a9784cfbbc0b69c4fedebe0daa25e403777e1f46f9094f"
 score = 75
@@ -62411,8 +62382,8 @@ rule ELASTIC_Windows_Generic_Threat_23D33B48 : FILE MEMORY
 date = "2024-06-05"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3485-L3503"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3465-L3483"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "acbc22df07888498ae6f52f5458e3fb8e0682e443a8c2bc97177a0320b4e2098"
 logic_hash = "c9fb93bb74e4d45197d0da5b641860738a42a583b15cc098e86ea79bb8690bf7"
 score = 75
@@ -62440,8 +62411,8 @@ rule ELASTIC_Windows_Generic_Threat_4B0B73Ce : FILE MEMORY
 date = "2024-06-05"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3505-L3523"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3485-L3503"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "236fc00cd7c75f70904239935ab90f51b03ff347798f56cec1bdd73a286b24c1"
 logic_hash = "d53923df612dd7fe0b1b2c94c1c5d747b08723df129089326ec27c5049769cef"
 score = 75
@@ -62469,8 +62440,8 @@ rule ELASTIC_Windows_Generic_Threat_1F2E969C : FILE MEMORY
 date = "2024-06-05"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Generic_Threat.yar#L3525-L3543"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Generic_Threat.yar#L3505-L3523"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7def75df729ed66511fbe91eadf15bc69a03618e78c48e27c35497db2a6a97ae"
 logic_hash = "7d984a902f9bf40c9b49da89aba9249f80b41b24ca1cdb6189f541b40ef41742"
 score = 75
@@ -62498,8 +62469,8 @@ rule ELASTIC_Windows_Ransomware_Doppelpaymer_6660D29F : BETA FILE MEMORY
 date = "2020-06-28"
 modified = "2021-08-23"
 reference = "https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "4c12eaa44f82c6f729e51242c9c1836eb1856959c682e2d2e21b975104c197b6"
 score = 75
 quality = 75
@@ -62528,8 +62499,8 @@ rule ELASTIC_Windows_Ransomware_Doppelpaymer_6Ab188Da : BETA FILE MEMORY
 date = "2020-06-28"
 modified = "2021-08-23"
 reference = "https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L23-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L23-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "429c87d293b7f517a594e8be020cbe7f8302a8b6eb8337f090ca18973aafbde4"
 score = 75
 quality = 75
@@ -62557,8 +62528,8 @@ rule ELASTIC_Windows_Ransomware_Doppelpaymer_4Fb1A155 : BETA FILE MEMORY
 date = "2020-06-28"
 modified = "2021-08-23"
 reference = "https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L44-L63"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Doppelpaymer.yar#L44-L63"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "eb041a836b2bc73312a2f87523d817d5274f3d43d3e5fe6aacfad1399c61a9de"
 score = 75
 quality = 75
@@ -62586,8 +62557,8 @@ rule ELASTIC_Windows_Trojan_Bumblebee_35F50Bea : FILE MEMORY
 date = "2022-04-28"
 modified = "2022-06-09"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Bumblebee.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Bumblebee.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9fff05a5aa9cbbf7d37bc302d8411cbd63fb3a28dc6f5163798ae899b9edcda6"
 logic_hash = "9f22b1b7f9e2d7858738d02730ef5477f8d430ad3606ebf4ac8b01314fdc9c46"
 score = 75
@@ -62616,8 +62587,8 @@ rule ELASTIC_Windows_Trojan_Bumblebee_70Bed4F3 : FILE MEMORY
 date = "2022-04-28"
 modified = "2022-06-09"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Bumblebee.yar#L22-L46"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Bumblebee.yar#L22-L46"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9fff05a5aa9cbbf7d37bc302d8411cbd63fb3a28dc6f5163798ae899b9edcda6"
 logic_hash = "3ff97986bfd8df812c4ef94395b3ac7f9ead4d059c398f8984ee217a1bcee4af"
 score = 75
@@ -62651,8 +62622,8 @@ rule ELASTIC_Windows_Trojan_Doubleback_D2246A35 : FILE MEMORY
 date = "2022-05-29"
 modified = "2022-07-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_DoubleBack.yar#L1-L31"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_DoubleBack.yar#L1-L31"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "03d2a0747d06458ccddf65ff5847a511a105e0ad4dcb5134082623af6f705012"
 logic_hash = "2241d2c6e5b5896fe6f3b02cb1786c39fa620ee503c4585bd75c8763b6d3c06a"
 score = 75
@@ -62692,8 +62663,8 @@ rule ELASTIC_Windows_Trojan_Hazelcobra_6A9Fe48A : FILE MEMORY
 date = "2023-11-01"
 modified = "2023-11-01"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_HazelCobra.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_HazelCobra.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b5acf14cdac40be590318dee95425d0746e85b1b7b1cbd14da66f21f2522bf4d"
 logic_hash = "dc4d561497c2e3da270d305ceaf3194b48d64c0d8e212ee6f03a2d89c8e006e8"
 score = 75
@@ -62724,8 +62695,8 @@ rule ELASTIC_Linux_Ransomware_Blacksuit_9F53E7E5 : FILE MEMORY
 date = "2023-07-27"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_BlackSuit.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_BlackSuit.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1c849adcccad4643303297fb66bfe81c5536be39a87601d67664af1d14e02b9e"
 logic_hash = "121e0139385cfef5dff394c4ea36d950314b00c6d7021cf2ca667ee942e74763"
 score = 75
@@ -62755,8 +62726,8 @@ rule ELASTIC_Linux_Ransomware_Quantum_8513Fb8B : FILE MEMORY
 date = "2023-07-28"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_Quantum.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_Quantum.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3bcb9ad92fdca53195f390fc4d8d721b504b38deeda25c1189a909a7011406c9"
 logic_hash = "7e24be541bafc2427ecd8f76b7774fb65d7421bc300503eeb068b8104e168c70"
 score = 75
@@ -62785,8 +62756,8 @@ rule ELASTIC_Windows_Trojan_Hancitor_6738D84A : FILE MEMORY
 date = "2021-06-17"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Hancitor.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Hancitor.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a674898f39377e538f9ec54197689c6fa15f00f51aa0b5cc75c2bafd86384a40"
 logic_hash = "448243b6925c4e419b1fd492ac5e8d43a7baa4492ba7a5a0b44bc8e036c77ec2"
 score = 75
@@ -62816,8 +62787,8 @@ rule ELASTIC_Windows_Exploit_Rpcjunction_0405253B : FILE
 date = "2024-02-28"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Exploit_RpcJunction.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Exploit_RpcJunction.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "05588fe3d2aae1273e9d0b0ac00c867d92bcdea41c33661760dcbe84439e7949"
 logic_hash = "c663285d81e00bf6b028cdb043da3c6d5033a0c100d9c626acfa26d67bc1c093"
 score = 75
@@ -62847,8 +62818,8 @@ rule ELASTIC_Macos_Trojan_Rustbucket_E64F7A92 : FILE MEMORY
 date = "2023-06-26"
 modified = "2023-06-29"
 reference = "https://www.elastic.co/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_RustBucket.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_RustBucket.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9ca914b1cfa8c0ba021b9e00bda71f36cad132f27cf16bda6d937badee66c747"
 logic_hash = "bd6005d72faba6aaeebdcbd8c771995cbfc667faf01eb93825afe985954a47fc"
 score = 75
@@ -62878,8 +62849,8 @@ rule ELASTIC_Linux_Cryptominer_Ksmdbot_Ebeedb3C : FILE MEMORY
 date = "2022-12-14"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Ksmdbot.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Ksmdbot.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b927e0fe58219305d86df8b3e44493a7c854a6ea4f76d1ebe531a7bfd4365b54"
 logic_hash = "67f97cc4f2886ed296b5b3827dc1d1792136ba8d9d27c20b677c9467618c879d"
 score = 75
@@ -62911,8 +62882,8 @@ rule ELASTIC_Windows_Trojan_Flawedgrace_8C5Eb04B : FILE MEMORY
 date = "2023-11-01"
 modified = "2023-11-02"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_FlawedGrace.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_FlawedGrace.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "966112f3143d751a95c000a990709572ac8b49b23c0e57b2691955d6fda1016e"
 logic_hash = "dc07197cb9a02ff8d271f78756c2784c74d09e530af20377a584dbfe77e973aa"
 score = 75
@@ -62944,8 +62915,8 @@ rule ELASTIC_Windows_Vulndriver_Xtier_48Bb4B2C : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_XTier.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_XTier.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0f726d8ce21c0c9e01ebe6b55913c519ad6086bcaec1a89f8308f3effacd435f"
 logic_hash = "fd6ae610a4d2cbf02aae2302d181d07780e723ac7e61b5aa3fd18ba834160729"
 score = 75
@@ -62975,8 +62946,8 @@ rule ELASTIC_Windows_Vulndriver_Xtier_8A2F6Dc1 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_XTier.yar#L23-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_XTier.yar#L23-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "95d50c69cdbf10c9c9d61e64fe864ac91e6f6caa637d128eb20e1d3510e776d3"
 logic_hash = "90e1efd9d918f15459dd3fabb4737cbdeded66da1d556becca051bdda5867c11"
 score = 75
@@ -63006,8 +62977,8 @@ rule ELASTIC_Windows_Vulndriver_Xtier_F4760D4A : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_XTier.yar#L45-L65"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_XTier.yar#L45-L65"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0e14a4401011a9f4e444028ac5b1595da34bbbf9af04a00670f15ff839734003"
 logic_hash = "dc83771e08b8530bf138782ba8c7724e7ecff40c973407a7f654346302a284d5"
 score = 75
@@ -63037,8 +63008,8 @@ rule ELASTIC_Windows_Vulndriver_Xtier_6A7De49F : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_XTier.yar#L67-L87"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_XTier.yar#L67-L87"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "26c86227d3f387897c1efd77dc711eef748eb90be84149cb306e3d4c45cc71c7"
 logic_hash = "de0d25377103d50b33a95a804b9c3eb9ef221d56fa1dfda0a32f14dcd95ee4b1"
 score = 75
@@ -63068,8 +63039,8 @@ rule ELASTIC_Windows_Infostealer_Strela_0Dc3E4A1 : MEMORY
 date = "2024-03-25"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Infostealer_Strela.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Infostealer_Strela.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e6991b12e86629b38e178fef129dfda1d454391ffbb236703f8c026d6d55b9a1"
 logic_hash = "3e4756f817970a5373183b4d0f893edf0b08fe146c79ed83f86d191199c25095"
 score = 75
@@ -63101,8 +63072,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_57C0C6D7 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrig.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrig.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "100dc1ede4c0832a729d77725784d9deb358b3a768dfaf7ff9e96535f5b5a361"
 logic_hash = "d3a272d488cebe4f774c994001a14d825372a27f16267bc0339b7e3b22ada8db"
 score = 75
@@ -63130,8 +63101,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_7E42Bf80 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrig.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrig.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "551b6e6617fa3f438ec1b3bd558b3cbc981141904cab261c0ac082a697e5b07d"
 logic_hash = "ad8c8f0081d07f7e2a5400de6af2c6b311f77ff336d7576f7fb0bfe2593a9062"
 score = 75
@@ -63159,8 +63130,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_271121Fb : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrig.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrig.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "19aeafb63430b5ac98e93dfd6469c20b9c1145e6b5b86202553bd7bd9e118842"
 logic_hash = "f43b1527ad4bbd07023126def89c1af47698cc832f71f4a1381ed0d621d79ed5"
 score = 75
@@ -63188,8 +63159,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_E7E64Fb7 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrig.yar#L61-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrig.yar#L61-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "e325ac02c51526c5a36bdd6c2bcb3bee51f1214d78eff8048c8a1ae88334a9e8"
 score = 75
 quality = 75
@@ -63216,8 +63187,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_79B42B21 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrig.yar#L80-L97"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrig.yar#L80-L97"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "db42871193960ea4c2cbe5f5040cbc1097d57d9e4dc291bcc77ed72b588311ab"
 score = 75
 quality = 75
@@ -63244,8 +63215,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_77Fbc695 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrig.yar#L99-L117"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrig.yar#L99-L117"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e723a2b976adddb01abb1101f2d3407b783067bec042a135b21b14d63bc18a68"
 logic_hash = "af8e09cd5d6b7532af0c06273aa465cf6c40ad6c919a679fd09191a1c2a302f5"
 score = 75
@@ -63273,8 +63244,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_403B0A12 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrig.yar#L119-L137"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrig.yar#L119-L137"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "54d806b3060404ccde80d9f3153eebe8fdda49b6e8cdba197df0659c6724a52d"
 logic_hash = "5b7662124eb980b11f88a50665292e7a405595f7ad85c5c448dd087ea096689a"
 score = 75
@@ -63302,8 +63273,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_Bffa106B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrig.yar#L139-L156"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrig.yar#L139-L156"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "d7214ad9c4291205b50567d142d99b8a19a9cfa69d3cd0a644774c3a1adb6b49"
 score = 75
 quality = 75
@@ -63330,8 +63301,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_73Faf972 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrig.yar#L158-L176"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrig.yar#L158-L176"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "00e29303b66cb39a8bc23fe91379c087376ea26baa21f6b7f7817289ba89f655"
 logic_hash = "a6a9d304d215302bf399c90ed0dd77a681796254c51a2a20e4a316dba43b387f"
 score = 75
@@ -63359,8 +63330,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_Af809Eea : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrig.yar#L178-L196"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrig.yar#L178-L196"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "00e29303b66cb39a8bc23fe91379c087376ea26baa21f6b7f7817289ba89f655"
 logic_hash = "4ae4b119a3eecfdb47a88fe5a89a4f79ae96eecf5d08eef08997357de7e6538a"
 score = 75
@@ -63388,8 +63359,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_9F6Ac00F : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrig.yar#L198-L216"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrig.yar#L198-L216"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9cd58c1759056c0c5bbd78248b9192c4f8c568ed89894aff3724fdb2be44ca43"
 logic_hash = "9fa8e7be5c35c9a649c42613d0d5d5cecff3d9c3e9a572e4be1ca661876748a5"
 score = 75
@@ -63417,8 +63388,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrig_Dbcc9D87 : FILE MEMORY
 date = "2021-12-13"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrig.yar#L218-L236"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrig.yar#L218-L236"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "da9b8fb5c26e81fb3aed3b0bc95d855339fced303aae2af281daf0f1a873e585"
 logic_hash = "b7fa60e32cb53484d8b76b13066eda1f2275ee2660ac2dc02b0078b921998e79"
 score = 75
@@ -63446,8 +63417,8 @@ rule ELASTIC_Windows_Trojan_Plugx_5F3844Ff : FILE MEMORY
 date = "2023-08-28"
 modified = "2023-09-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_PlugX.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_PlugX.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a823380e46878dfa8deb3ca0dc394db1db23bb2544e2d6e49c0eceeffb595875"
 logic_hash = "a1a484f4cf00ec0775a3f322bae66ce5f9cc52f08306b38f079445233c49bf52"
 score = 75
@@ -63479,8 +63450,8 @@ rule ELASTIC_Windows_Trojan_Plugx_F338Dab5 : FILE MEMORY
 date = "2024-06-05"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_PlugX.yar#L25-L45"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_PlugX.yar#L25-L45"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8af3fc1f8bd13519d78ee83af43daaa8c5e2c3f184c09f5c41941e0c6f68f0f7"
 logic_hash = "0482305a73bc500aa7c266536cb8286ea796f6b1eaba39547bed22313bbb4457"
 score = 75
@@ -63510,8 +63481,8 @@ rule ELASTIC_Windows_Trojan_Behinder_B9A49F4B : FILE MEMORY
 date = "2023-03-02"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/ref2924-howto-maintain-persistence-as-an-advanced-threat"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Behinder.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Behinder.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a50ca8df4181918fe0636272f31e19815f1b97cce6d871e15e03b0ee0e3da17b"
 logic_hash = "2303ef82e4dc5e8be87ddc4563dcd06963d17e1fbf25cf246a6c81e4e74adbcb"
 score = 75
@@ -63541,8 +63512,8 @@ rule ELASTIC_Macos_Cryptominer_Xmrig_241780A1 : FILE MEMORY
 date = "2021-09-30"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Cryptominer_Xmrig.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Cryptominer_Xmrig.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f"
 logic_hash = "9e091f6881a96abdc6592db385eb9026806befdda6bda4489470b4e16e1d4d87"
 score = 75
@@ -63573,8 +63544,8 @@ rule ELASTIC_Windows_Vulndriver_Mtcbsv_7F6D642E : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_MtcBsv.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_MtcBsv.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ff803017d1acafde6149fe7d463aee23b1c4f6f3b97c698c05f3ca6f07e4df6c"
 logic_hash = "dfd53a2b97ad722307561fc5f109dcba372bf600113786bb351ed1262fdc8556"
 score = 75
@@ -63604,8 +63575,8 @@ rule ELASTIC_Windows_Trojan_Suddenicon_99487621 : FILE MEMORY
 date = "2023-03-29"
 modified = "2023-03-30"
 reference = "https://www.elastic.co/security-labs/elastic-users-protected-from-suddenicon-supply-chain-attack"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_SuddenIcon.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_SuddenIcon.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "aa4e398b3bd8645016d8090ffc77d15f926a8e69258642191deb4e68688ff973"
 logic_hash = "9a441c47e8b95d8aaec6f495d6ddfec2ed6b0762637ea48e64c9ea01b0945019"
 score = 75
@@ -63639,8 +63610,8 @@ rule ELASTIC_Windows_Trojan_Suddenicon_8B07C275 : FILE MEMORY
 date = "2023-03-29"
 modified = "2023-03-30"
 reference = "https://www.elastic.co/security-labs/elastic-users-protected-from-suddenicon-supply-chain-attack"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_SuddenIcon.yar#L28-L48"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_SuddenIcon.yar#L28-L48"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "aa4e398b3bd8645016d8090ffc77d15f926a8e69258642191deb4e68688ff973"
 logic_hash = "64e8bd8929c9fb8cae16f772e3266b02b4ddec770ff8d5379a93a483eb8ff660"
 score = 75
@@ -63669,8 +63640,8 @@ rule ELASTIC_Windows_Trojan_Suddenicon_Ac021Ae0 : FILE MEMORY
 date = "2023-03-30"
 modified = "2023-03-30"
 reference = "https://www.elastic.co/security-labs/elastic-users-protected-from-suddenicon-supply-chain-attack"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_SuddenIcon.yar#L50-L76"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_SuddenIcon.yar#L50-L76"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "033eabdd8ce8ecc4e1a657161c1f298c7dfe536ee2dbf9375cfda894638a7bee"
 score = 75
 quality = 75
@@ -63705,8 +63676,8 @@ rule ELASTIC_Windows_Vulndriver_Vbox_3315863F : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_VBox.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_VBox.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "42d926cfb3794f9b1e3cb397498696cb687f505e15feb9df11b419c49c9af498"
 logic_hash = "ba4e6a94516e36dcd6140b6732d959703e2c58a79add705b9260001ea26db738"
 score = 75
@@ -63735,8 +63706,8 @@ rule ELASTIC_Windows_Vulndriver_Vbox_1B1C5Cd5 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_VBox.yar#L22-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_VBox.yar#L22-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1684e24dae20ab83ab5462aa1ff6473110ec53f52a32cfb8c1fe95a2642c6d22"
 logic_hash = "5fcfffea021aee8d18172383df0e65f8c618fab545c800f1a7b659e8112c6c0f"
 score = 75
@@ -63766,8 +63737,8 @@ rule ELASTIC_Windows_Vulndriver_Winflash_881758Da : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_WinFlash.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_WinFlash.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8596ea3952d84eeef8f5dc5b0b83014feb101ec295b2d80910f21508a95aa026"
 logic_hash = "a46ac1f19ba5d9543c88434575870b61fbb935cd4c4e28cb80a077502af7d2db"
 score = 75
@@ -63795,8 +63766,8 @@ rule ELASTIC_Linux_Virus_Staffcounter_D2D608A8 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "06e562b54b7ee2ffee229c2410c9e2c42090e77f6211ce4b9fa26459ff310315"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Virus_Staffcounter.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Virus_Staffcounter.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "e30f1312eb1cbbc4faba3f67527a4e0e955b5684a1ba58cdd82a7a0f1ce3d2b9"
 score = 75
 quality = 75
@@ -63823,8 +63794,8 @@ rule ELASTIC_Windows_Trojan_Metastealer_F94E2464 : FILE MEMORY
 date = "2024-03-27"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_MetaStealer.yar#L1-L34"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_MetaStealer.yar#L1-L34"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "14ca15c0751207103c38f1a2f8fdc73e5dd3d58772f6e5641e54e0c790ecd132"
 logic_hash = "bf374bda2ca7c7bcec1ff092bbc9c3fd95c33faa78a6ea105a7b12b8e80a2e23"
 score = 75
@@ -63867,8 +63838,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_3793364E : FILE MEMORY
 date = "2023-09-25"
 modified = "2023-09-25"
 reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_BloodAlchemy.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_BloodAlchemy.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "c9f03767b92bb2c44f6b386e1f0a521f1a7a063cf73799844cc3423d4a7de7be"
 score = 75
 quality = 75
@@ -63896,8 +63867,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_E510798D : FILE MEMORY
 date = "2023-09-25"
 modified = "2023-09-25"
 reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_BloodAlchemy.yar#L22-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_BloodAlchemy.yar#L22-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "7919bb5f19745a1620e6be91622c40083cbd2ddb02905215736a2ed11e9af5c4"
 score = 75
 quality = 75
@@ -63925,8 +63896,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_63084Eea : FILE MEMORY
 date = "2023-09-25"
 modified = "2023-09-25"
 reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_BloodAlchemy.yar#L43-L61"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_BloodAlchemy.yar#L43-L61"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "3fe64502992281511e942b8f4541d61b33e900dbe23ea9f976c7eb9522ce4cbd"
 score = 75
 quality = 75
@@ -63953,8 +63924,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_C2D80609 : FILE MEMORY
 date = "2023-09-25"
 modified = "2023-09-25"
 reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_BloodAlchemy.yar#L63-L81"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_BloodAlchemy.yar#L63-L81"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "694a0f917f106fbdde4c8e5dd8f9cdce56e9423ce5a7c3a5bf30bf43308d42e9"
 score = 75
 quality = 75
@@ -63981,8 +63952,8 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_De591C5A : FILE MEMORY
 date = "2023-09-25"
 modified = "2023-11-02"
 reference = "https://www.elastic.co/security-labs/disclosing-the-bloodalchemy-backdoor"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_BloodAlchemy.yar#L83-L106"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_BloodAlchemy.yar#L83-L106"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "fd5cfe2558a7c02a617003140cdcf477ec451ecea4adf2808bef8f93673c28f1"
 score = 75
 quality = 75
@@ -64005,6 +63976,140 @@ rule ELASTIC_Windows_Trojan_Bloodalchemy_De591C5A : FILE MEMORY
 condition:
 any of ($crypto_*) and all of ($com_tm_*)
 }
+rule ELASTIC_Windows_Hacktool_Edrrecon_69453Aff : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Hacktool Edrrecon (Windows.Hacktool.EDRrecon)"
+ author = "Elastic Security"
+ id = "69453aff-1427-4aae-b1f3-7cce9c93342c"
+ date = "2024-03-07"
+ modified = "2024-06-10"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_EDRrecon.yar#L1-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
+ hash = "f62e51b2405c0d42c53ff1f560376ef0530ba2eea1c97e18f2a3cf148346bcd1"
+ logic_hash = "3d0f6dc5d47a3c0957a7aa8d2918fee113d079d7d74f37a1c17c5429034ba41f"
+ score = 75
+ quality = 50
+ tags = "FILE, MEMORY"
+ fingerprint = "f10758ed032a0f7da0d983839beb12f79fba764aa4ffa0f3716dbfc2e8a3ea82"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $s01 = "WdFilter.sys" ascii wide fullword
+ $s02 = "mpFilter.sys" ascii wide fullword
+ $s03 = "SRTSP.sys" ascii wide fullword
+ $s04 = "eeCtrl.sys" ascii wide fullword
+ $s05 = "360AvFlt.sys" ascii wide fullword
+ $s06 = "360fsflt.sys" ascii wide fullword
+ $s07 = "esensor.sys" ascii wide fullword
+ $s09 = "klflt.sys" ascii wide fullword
+ $s10 = "klam.sys" ascii wide fullword
+ $s11 = "SysmonDrv.sys" ascii wide fullword
+ $s12 = "CarbonBlackK.sys" ascii wide fullword
+ $s13 = "edrsensor.sys" ascii wide fullword
+ $s14 = "naswSP.sys" ascii wide fullword
+ $s15 = "symevnt.sys" ascii wide fullword
+ $s16 = "symevnt32.sys" ascii wide fullword
+ $s17 = "CyProtectDrv" ascii wide fullword
+ $s18 = "mfeaskm.sys" ascii wide fullword
+ $s19 = "SentinelMonitor.sys" ascii wide fullword
+ $s20 = "sentinelelam.sys" ascii wide fullword
+ $s21 = "SophosSupport.sys" ascii wide fullword
+ $s22 = "CSDeviceControl.sys" ascii wide fullword
+ $s23 = "csagent.sys" ascii wide fullword
+ $s24 = "avgntflt.sys" ascii wide fullword
+ $s25 = "bddevflt.sys" ascii wide fullword
+ $s26 = "CiscoAMPHeurDriver.sys" ascii wide fullword
+ $s27 = "DeepInsFS.sys" ascii wide fullword
+ $s28 = "eamonm.sys" ascii wide fullword
+ $s29 = "fortirmon.sys" ascii wide fullword
+ $s30 = "FlightRecorder.sys" ascii wide fullword
+ $s31 = "TmKmSnsr.sys" ascii wide fullword
+ $s32 = "cpepmon.sys" ascii wide fullword
+ $s33 = "cposfw.sys" ascii wide fullword
+ $s34 = "cyvrmtgn.sys" ascii wide fullword
+ $s35 = "elastic-endpoint-driver.sys" ascii wide fullword
+ $s36 = "elasticelam.sys" ascii wide fullword
+ $37 = "mbamwatchdog.sys" ascii wide fullword
+ $38 = "FortiEDRWinDriver" ascii wide fullword
+ $39 = "QaxNfDrv.sys" ascii wide fullword
+ $40 = "qmnetmonw64.sys" ascii wide fullword
+ $s41 = "TFsFlt.sys" ascii wide fullword
+ $s42 = "DsArk64.sys" ascii wide fullword
+
+ condition:
+ 14 of them
+}
+rule ELASTIC_Windows_Hacktool_Edrrecon_Ca314Aa1 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Hacktool Edrrecon (Windows.Hacktool.EDRrecon)"
+ author = "Elastic Security"
+ id = "ca314aa1-3bbe-489c-a77a-fb7a0eca1f67"
+ date = "2024-03-07"
+ modified = "2024-06-10"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_EDRrecon.yar#L61-L115"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
+ hash = "f62e51b2405c0d42c53ff1f560376ef0530ba2eea1c97e18f2a3cf148346bcd1"
+ logic_hash = "04b8681b0b6f8fa51eb90488edf35638da3334886c7db5fc22218712b0d23007"
+ score = 75
+ quality = 73
+ tags = "FILE, MEMORY"
+ fingerprint = "58c6c2cbb92262098af27f8434863d1ea91c31f02727c5dde72d6ac07b3b872d"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $s01 = "SentinelAgent.exe" ascii wide fullword
+ $s02 = "SentinelUI.exe" ascii wide fullword
+ $s03 = "MsMpEng.exe" ascii wide fullword
+ $s04 = "SenseIR.exe" ascii wide fullword
+ $s05 = "elastic-endpoint.exe" ascii wide fullword
+ $s06 = "elastic-agent.exe" ascii wide fullword
+ $s07 = "CylanceSvc.exe" ascii wide fullword
+ $s09 = "CybereasonAV.exe" ascii wide fullword
+ $s10 = "Traps.exe" ascii wide fullword
+ $s11 = "CyvrFsFlt.exe" ascii wide fullword
+ $s12 = "EIConnector.exe" ascii wide fullword
+ $s13 = "ekrn.exe" ascii wide fullword
+ $s14 = "fortiedr.exe" ascii wide fullword
+ $s15 = "RepMgr.exe" ascii wide fullword
+ $s16 = "TaniumDetectEngine.exe" ascii wide fullword
+ $s17 = "CSFalconService.exe" ascii wide fullword
+ $s18 = "CSFalconContainer.exe" ascii wide fullword
+ $s19 = "EndpointBasecamp.exe" ascii wide fullword
+ $s20 = "hmpalert.exe" ascii wide fullword
+ $s21 = "xagt.exe" ascii wide fullword
+ $s22 = "TMBMSRV.exe" ascii wide fullword
+ $s23 = "EIConnector.exe" ascii wide fullword
+ $s25 = "mcsclient.exe" ascii wide fullword
+ $s26 = "sophososquery.exe" ascii wide fullword
+ $s27 = "TaniumClient.exe" ascii wide fullword
+ $s28 = "asdsvc.exe" ascii wide fullword
+ $s29 = "avp.exe" ascii wide fullword
+ $s30 = "avpui.exe" ascii wide fullword
+ $s31 = "mbae-svc.exe" ascii wide fullword
+ $s32 = "mbae.exe" ascii wide fullword
+ $s33 = "ccSvcHst.exe" ascii wide fullword
+ $s35 = "bdagent.exe" ascii wide fullword
+ $s36 = "ir_agent.exe" ascii wide fullword
+ $s37 = "eguiproxy.exe" ascii wide fullword
+ $s38 = "ekrn.exe" ascii wide fullword
+ $s39 = "Sysmon64.exe" ascii wide fullword
+ $s40 = "Sysmon.exe" ascii wide fullword
+
+ condition:
+ 14 of them
+}
 rule ELASTIC_Windows_Trojan_Arkeistealer_84C7086A : FILE MEMORY
 {
 meta:
@@ -64014,8 +64119,8 @@ rule ELASTIC_Windows_Trojan_Arkeistealer_84C7086A : FILE MEMORY
 date = "2022-02-17"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_ArkeiStealer.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_ArkeiStealer.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "708d9fb40f49192d4bf6eff62e0140c920a7eca01b9f78aeaf558bef0115dbe2"
 logic_hash = "b7129094389f789f0b43f0da54645c24a6d1149f53d6536c14714e3ff44f935b"
 score = 75
@@ -64043,8 +64148,8 @@ rule ELASTIC_Macos_Trojan_Aobokeylogger_Bd960F34 : FILE MEMORY
 date = "2021-10-18"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Aobokeylogger.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Aobokeylogger.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2b50146c20621741642d039f1e3218ff68e5dbfde8bb9edaa0a560ca890f0970"
 logic_hash = "f89fbf1d6bf041de0ce32f7920818c34ce0eeb6779bb7fac6f223bbea1c6f6fa"
 score = 75
@@ -64072,8 +64177,8 @@ rule ELASTIC_Windows_Trojan_Stormkitty_6256031A : FILE MEMORY
 date = "2022-03-21"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_StormKitty.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_StormKitty.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0c69015f534d1da3770dbc14183474a643c4332de6a599278832abd2b15ba027"
 logic_hash = "a797e87eaf5b173da9dd43fcff03b3d26198dcafa29c3f2ca369773c73001234"
 score = 75
@@ -64106,8 +64211,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_9Ac1654B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Camelot.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Camelot.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "5de1f43803f3d3b94149ea39ed961e7b9a1ad86c15c5085e2e0a5f9c314e98ff"
 score = 75
 quality = 75
@@ -64134,8 +64239,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_Dd167Aa0 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Camelot.yar#L20-L37"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Camelot.yar#L20-L37"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "88be4fbb337fa866e126021b40a01d86a33029071af7efc289a8c5490d21ea8a"
 score = 75
 quality = 75
@@ -64162,8 +64267,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_B25398Dd : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Camelot.yar#L39-L57"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Camelot.yar#L39-L57"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6fb3b77be0a66a10124a82f9ec6ad22247d7865a4d26aa49c5d602320318ce3c"
 logic_hash = "e7fdb3c573909e8f197417278a6d333cc3743b05257d81fed46769b185354183"
 score = 75
@@ -64191,8 +64296,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_6A279F19 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Camelot.yar#L59-L77"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Camelot.yar#L59-L77"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5b01f72b2c53db9b8f253bb98c6584581ebd1af1b1aaee62659f54193c269fca"
 logic_hash = "91e3c0d96fe5ab9c61b38f01d39639020ec459bec6348b1f87a2c5b1a874e24a"
 score = 75
@@ -64220,8 +64325,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_4E7945A4 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Camelot.yar#L79-L97"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Camelot.yar#L79-L97"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b7504ce57787956e486d951b4ff78d73807fcc2a7958b172febc6d914e7a23a7"
 logic_hash = "aebc544076954fcce917e026467a8828b18446ce7c690b4c748562e311b7d491"
 score = 75
@@ -64249,8 +64354,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_29C1C386 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Camelot.yar#L99-L117"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Camelot.yar#L99-L117"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "fc73bbfb12c64d2f20efa22a6d8d8c5782ef57cb0ca6d844669b262e80db2444"
 logic_hash = "1a3a9065cbb59658c06dfbfc622ccd2e577e988370ffe47848a5859f96db4e24"
 score = 75
@@ -64278,8 +64383,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_25B63F54 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Camelot.yar#L119-L136"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Camelot.yar#L119-L136"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "640ffe2040e382ad536c1b6947e05f8c25ff82897ef7ac673a7676815856a346"
 score = 75
 quality = 75
@@ -64306,8 +64411,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_73E2373E : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Camelot.yar#L138-L156"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Camelot.yar#L138-L156"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "fc73bbfb12c64d2f20efa22a6d8d8c5782ef57cb0ca6d844669b262e80db2444"
 logic_hash = "2377da6667860dc7204760ee64213cba95909c9181bd1a3ea96c3ad29988c9f7"
 score = 75
@@ -64335,8 +64440,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_B8552Fff : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Camelot.yar#L158-L176"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Camelot.yar#L158-L176"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "cdd3d567fbcbdd6799afad241ae29acbe4ab549445e5c4fc0678d16e75b40dfa"
 logic_hash = "476b800422b6d98405d8bde727bb589c5cae36723436b269beaa65381b3d0abe"
 score = 75
@@ -64364,8 +64469,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_83550472 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Camelot.yar#L178-L196"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Camelot.yar#L178-L196"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d2d8421ffdcebb7fed00edcf306ec5e86fc30ad3e87d55e85b05bea5dc1f7d63"
 logic_hash = "f62d4a2a7dfb312b2e362844bfa29bd4453a05f31b4f72550ef29ff40ed6fb9d"
 score = 75
@@ -64393,8 +64498,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_8799D8D6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Camelot.yar#L198-L216"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Camelot.yar#L198-L216"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4a6d98eae8951e5b9e0a226f1197732d6d14ed45c1b1534d3cdb4413261eb352"
 logic_hash = "4bcd7931aeed09069d5dd248a66f119a2bdf628e03b9abed9ee2de59a149c2bc"
 score = 75
@@ -64422,8 +64527,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_0F7C5375 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Camelot.yar#L218-L236"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Camelot.yar#L218-L236"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e75be5377ad65abdc69e6c7f9fe17429a98188a217d0ca3a6f40e75c4f0c07e8"
 logic_hash = "05f4b16a7e4c7ffbc6b8a2f60050a4ac1d05d9efbe948e2da689055f6383cf82"
 score = 75
@@ -64451,8 +64556,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_87639Dbd : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Camelot.yar#L238-L256"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Camelot.yar#L238-L256"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d2d8421ffdcebb7fed00edcf306ec5e86fc30ad3e87d55e85b05bea5dc1f7d63"
 logic_hash = "b81af8c9baee999b91e63f97d5a46451d9960487b25b04079df5539f857be466"
 score = 75
@@ -64480,8 +64585,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_Cdd631C1 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Camelot.yar#L258-L276"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Camelot.yar#L258-L276"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "91549c171ae7f43c1a85a303be30169932a071b5c2b6cf3f4913f20073c97897"
 logic_hash = "5e4b26a74fc3737c068917c7c1228048f885ac30fc326a2844611f7e707d1300"
 score = 75
@@ -64509,8 +64614,8 @@ rule ELASTIC_Linux_Cryptominer_Camelot_209B02Dd : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Camelot.yar#L278-L296"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Camelot.yar#L278-L296"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "60d33d1fdabc6b10f7bb304f4937051a53d63f39613853836e6c4d095343092e"
 logic_hash = "5cadc955242d4b7d5fd4365a0b425051d89c905e3d49ea03967150de0020225c"
 score = 75
@@ -64538,8 +64643,8 @@ rule ELASTIC_Windows_Trojan_Oskistealer_A158B1E3 : FILE MEMORY
 date = "2022-03-21"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_OskiStealer.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_OskiStealer.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "568cd515c9a3bce7ef21520761b02cbfc95d8884d5b2dc38fc352af92356c694"
 logic_hash = "0ddbe0b234ed60f5a3fc537cdaebf39f639ee24fd66143c9036a9f4786d4c51b"
 score = 75
@@ -64571,8 +64676,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_4E31426E : FILE MEMORY
 date = "2021-07-21"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Smokeloader.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Smokeloader.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174"
 logic_hash = "44ac7659964519ae72f83076bcd1b3e5244eb9cadd9a3b123dda78b0e9e07424"
 score = 75
@@ -64600,8 +64705,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_4Ee15B92 : FILE MEMORY
 date = "2022-02-17"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Smokeloader.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Smokeloader.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "09b9283286463b35ea2d5abfa869110eb124eb8c1788eb2630480d058e82abf2"
 logic_hash = "7d5ba6a4cc1f1b87f7ea1963b41749f5488197ea28b31f20a235091236250463"
 score = 75
@@ -64629,8 +64734,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_Ea14B2A5 : FILE MEMORY
 date = "2023-05-03"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Smokeloader.yar#L41-L60"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Smokeloader.yar#L41-L60"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "15fe237276b9c2c6ceae405c0739479d165b406321891c8a31883023e7b15d54"
 logic_hash = "8a96985902f82979f1512d4d30cfa41fd23562b8f86bf2f722351ef2adf4365f"
 score = 75
@@ -64659,8 +64764,8 @@ rule ELASTIC_Windows_Trojan_Smokeloader_De52Ed44 : FILE MEMORY
 date = "2023-05-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Smokeloader.yar#L62-L81"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Smokeloader.yar#L62-L81"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c689a384f626616005d37a94e6a5a713b9eead1b819a238e4e586452871f6718"
 logic_hash = "95a60079a316016ca3f78f18e7920b962f5770bef4211dd70e37f45bbe069406"
 score = 75
@@ -64689,8 +64794,8 @@ rule ELASTIC_Linux_Trojan_Sambashell_F423755D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Sambashell.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Sambashell.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "bd8a3728a59afbf433799578ef597b9a7211c8d62e87a25209398814851a77ea"
 logic_hash = "b93c671fae87cd635679142d248cb2b754389ba3b416f3370ea331640eb906ab"
 score = 75
@@ -64718,8 +64823,8 @@ rule ELASTIC_Windows_Trojan_Danabot_6F3Dadb2 : FILE MEMORY
  date = "2021-08-15"
  modified = "2021-10-04"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Danabot.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Danabot.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "716e5a3d29ff525aed30c18061daff4b496f3f828ba2ac763efd857062a42e96"
  logic_hash = "b9c895be9eab775726abd2c13256d598c5b79bceb2d652c30b1df4cfc37e4b93"
  score = 75
@@ -64754,8 +64859,8 @@ rule ELASTIC_Windows_Attacksimulation_Hovercraft_F5C7178F : FILE MEMORY
  date = "2022-05-23"
  modified = "2022-07-18"
  reference = "046645b2a646c83b4434a893a0876ea9bd51ae05e70d4e72f2ccc648b0f18cb6"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_AttackSimulation_Hovercraft.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_AttackSimulation_Hovercraft.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  logic_hash = "e707e89904a5fa4d30f94bfc625b736a411df6bb055c0e40df18ae65025a3740"
  score = 75
  quality = 75
@@ -64783,8 +64888,8 @@ rule ELASTIC_Windows_Vulndriver_Directio_7Bea6C8F : FILE
  date = "2022-04-04"
  modified = "2022-04-04"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_DirectIo.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_DirectIo.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "1dadd707c55413a16320dc70d2ca7784b94c6658331a753b3424ae696c5d93ea"
  logic_hash = "bc87ede24c688565258859287141ddffb3bcfb0cc6d4fcbc08827c48bb897580"
  score = 75
@@ -64812,8 +64917,8 @@ rule ELASTIC_Windows_Vulndriver_Directio_Abe8Bfa6 : FILE
  date = "2022-04-04"
  modified = "2022-04-04"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_DirectIo.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_DirectIo.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "d84e3e250a86227c64a96f6d5ac2b447674ba93d399160850acb2339da43eae5"
  logic_hash = "8548e64e091c0e9e53316662d3dd91eca605c260f391d752ad40253f225571ed"
  score = 75
@@ -64841,8 +64946,8 @@ rule ELASTIC_Linux_Webshell_Generic_E80Ff633 : FILE MEMORY
  date = "2021-01-12"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Webshell_Generic.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Webshell_Generic.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "7640ba6f2417931ef901044152d5bfe1b266219d13b5983d92ddbdf644de5818"
  logic_hash = "d345e6ce3e51ed55064aafb1709e9bee7ef2ce87ec80165ac1b58eebd83cefee"
  score = 75
@@ -64870,8 +64975,8 @@ rule ELASTIC_Linux_Webshell_Generic_41A5Fa40 : FILE MEMORY
  date = "2021-06-28"
  modified = "2021-09-16"
  reference = "18ac7fbc3d8d3bb8581139a20a7fee8ea5b7fcfea4a9373e3d22c71bae3c9de0"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Webshell_Generic.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Webshell_Generic.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  logic_hash = "574148bc58626aac00add1989c65ad56315c7e2a8d27c7b96be404d831a7a576"
  score = 75
  quality = 73
@@ -64898,8 +65003,8 @@ rule ELASTIC_Windows_Trojan_M0Yv_92F66467 : FILE MEMORY
  date = "2023-05-03"
  modified = "2023-06-13"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_M0yv.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_M0yv.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "0004d22dd18c0239b722c085101c0a32b967159e2066a0b7b9104bb43f5cdea0"
  logic_hash = "a47b20679aee9559213de22783cfbc55c6091785e4dc288349963e863b78cf41"
  score = 75
@@ -64929,8 +65034,8 @@ rule ELASTIC_Windows_Trojan_Modpipe_12Bc2604 : FILE MEMORY
  date = "2023-07-27"
  modified = "2023-09-20"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_ModPipe.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_ModPipe.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  logic_hash = "0a26de1b2fb48d65cde61b60c0eba478da73a3eeaeb785d1b2d6095eccbe34e2"
  score = 75
  quality = 75
@@ -64960,8 +65065,8 @@ rule ELASTIC_Linux_Ransomware_Itssoeasy_30Bd68E0 : FILE MEMORY
  date = "2023-07-28"
  modified = "2024-02-13"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_ItsSoEasy.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_ItsSoEasy.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "efb1024654e86c0c30d2ac5f97d27f5f27b4dd3f7f6ada65d58691f0d703461c"
  logic_hash = "a8838af442d1106bc9a7df93d6d8335ff0275bf5928acbb605e9bad58ce6bbd4"
  score = 75
@@ -64990,8 +65095,8 @@ rule ELASTIC_Linux_Cryptominer_Bulz_2Aa8Fbb5 : FILE MEMORY
  date = "2021-01-12"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Bulz.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Bulz.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  logic_hash = "21d8bec73476783e01d2a51a99233f186d7c72b49c9292c42e19e1aa6397d415"
  score = 75
  quality = 75
@@ -65018,8 +65123,8 @@ rule ELASTIC_Linux_Cryptominer_Bulz_0998F811 : FILE MEMORY
  date = "2021-01-12"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Bulz.yar#L20-L37"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Bulz.yar#L20-L37"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  logic_hash = "178f6c42582dd99cc5418388d020d4d76f2a9204297a673359fe0a300121c35b"
  score = 75
  quality = 75
@@ -65046,8 +65151,8 @@ rule ELASTIC_Linux_Trojan_Bedevil_A1A72C39 : FILE MEMORY
  date = "2021-01-12"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Bedevil.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Bedevil.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "017a9d7290cf327444d23227518ab612111ca148da7225e64a9f6ebd253449ab"
  logic_hash = "227adcc340c38cebf56ea2f39b483c965dd46827d83afe5f866ca844c932da76"
  score = 75
@@ -65075,8 +65180,8 @@ rule ELASTIC_Macos_Trojan_Kandykorn_A7Bb6944 : FILE MEMORY
  date = "2023-10-23"
  modified = "2023-10-23"
  reference = "https://www.elastic.co/security-labs/elastic-catches-dprk-passing-out-kandykorn"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_KandyKorn.yar#L1-L29"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_KandyKorn.yar#L1-L29"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "51dd4efcf714e64b4ad472ea556bf1a017f40a193a647b9e28bf356979651077"
  logic_hash = "65decd519dee947894dd684c52d91202ebe5587acfecc0b8b56cd73f2981e387"
  score = 75
@@ -65113,8 +65218,8 @@ rule ELASTIC_Linux_Rootkit_Fontonlake_8Fa41F5E : FILE MEMORY
  date = "2021-10-12"
  modified = "2022-01-26"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Rootkit_Fontonlake.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Rootkit_Fontonlake.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "826222d399e2fb17ae6bc6a4e1493003881b1406154c4b817f0216249d04a234"
  logic_hash = "e90ace26dd74ae948d2469c6f532af5ec3070a21092f8b2c4d47c4f5b9d04c09"
  score = 75
@@ -65149,8 +65254,8 @@ rule ELASTIC_Linux_Trojan_Meterpreter_A82F5D21 : FILE MEMORY
  date = "2021-01-12"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Meterpreter.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Meterpreter.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  logic_hash = "d76886222de7292e8a76717f6d49452f52aaffb957bb0326bcfc7a35c3fdfc6a"
  score = 75
  quality = 75
@@ -65177,8 +65282,8 @@ rule ELASTIC_Linux_Trojan_Meterpreter_383C6708 : FILE MEMORY
  date = "2021-01-12"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Meterpreter.yar#L20-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Meterpreter.yar#L20-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "d9d607f0bbc101f7f6dc0f16328bdd8f6ddb8ae83107b7eee34e1cc02072cb15"
  logic_hash = "b0fd479722ab0808a4709cbacbb874282c48a425f4dbdaec9f74bc7f839c82e4"
  score = 75
@@ -65206,8 +65311,8 @@ rule ELASTIC_Linux_Trojan_Meterpreter_621054Fe : FILE MEMORY
  date = "2021-01-12"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Meterpreter.yar#L40-L57"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Meterpreter.yar#L40-L57"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  logic_hash = "18f22bb0aa66ec2ecdaa9ca0e0d00ee59a2c9a3f231bd71915140e4464a4ea78"
  score = 75
  quality = 75
@@ -65234,8 +65339,8 @@ rule ELASTIC_Linux_Trojan_Meterpreter_1Bda891E : FILE MEMORY
  date = "2021-12-13"
  modified = "2022-01-26"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Meterpreter.yar#L59-L76"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Meterpreter.yar#L59-L76"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  logic_hash = "74e7547472117de20159f5b158cee0ccacc02a9aba5e5ad64a52c552c966d539"
  score = 75
  quality = 75
@@ -65262,8 +65367,8 @@ rule ELASTIC_Windows_Ransomware_Pandora_Bca8Ce23 : FILE MEMORY
  date = "2022-03-14"
  modified = "2022-04-12"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Pandora.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Pandora.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "2c940a35025dd3847f7c954a282f65e9c2312d2ada28686f9d1dc73d1c500224"
  logic_hash = "52203c1af994667ba6833defe547e886dd02167e4d76c57711080e3be0473bfc"
  score = 75
@@ -65293,8 +65398,8 @@ rule ELASTIC_Linux_Ransomware_Blackbasta_96Eb3F20 : FILE MEMORY
  date = "2022-08-06"
  modified = "2022-08-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_BlackBasta.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_BlackBasta.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "96339a7e87ffce6ced247feb9b4cb7c05b83ca315976a9522155bad726b8e5be"
  logic_hash = "a5e0b60ba51490f70af53c9fba91e3349c712bebb10574eb4bed028ab961ae74"
  score = 75
@@ -65328,8 +65433,8 @@ rule ELASTIC_Windows_Trojan_Pizzapotion_D334C613 : FILE MEMORY
  date = "2023-09-13"
  modified = "2023-09-20"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_PizzaPotion.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_PizzaPotion.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "37bee101cf34a84cba49adb67a555c6ebd3b8ac7c25d50247b0a014c82630003"
  logic_hash = "de7d395c8a993abf9858858e56ba0ec4acbf0fa1c8bfe4a34ae95be2205967fc"
  score = 75
@@ -65362,8 +65467,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_53692410 : FILE MEMORY
  date = "2021-01-12"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Iroffer.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Iroffer.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "e76508141970efb3e4709bcff83772da9b10169c599e13e58432257a7bb2defa"
  logic_hash = "b8aa25fbde4d9ca36656f583e7601118a06e57703862c8b28b273881eef504fe"
  score = 60
@@ -65391,8 +65496,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_013E07De : FILE MEMORY
  date = "2021-01-12"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Iroffer.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Iroffer.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "e76508141970efb3e4709bcff83772da9b10169c599e13e58432257a7bb2defa"
  logic_hash = "ce21de61f94d41aa3abb73b9391a4d9c8ddeea75f1a2b36be58111b70a9590fe"
  score = 60
@@ -65420,8 +65525,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_0De95Cab : FILE MEMORY
  date = "2021-01-12"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Iroffer.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Iroffer.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "717bea3902109d1b1d57e57c26b81442c0705af774139cd73105b2994ab89514"
  logic_hash = "adec3e1d3110bcc22262d5f1f2ad14a347616f4a809f29170a9fbb5d1669a4c3"
  score = 75
@@ -65449,8 +65554,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_711259E4 : FILE MEMORY
  date = "2021-01-12"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Iroffer.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Iroffer.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "e76508141970efb3e4709bcff83772da9b10169c599e13e58432257a7bb2defa"
  logic_hash = "a71dbb979bc1f7671ab9958b6aa502e6ded4ee1c1b026080fd377eb772ebb1d5"
  score = 75
@@ -65478,8 +65583,8 @@ rule ELASTIC_Linux_Trojan_Iroffer_7478Ddd9 : FILE MEMORY
  date = "2021-01-12"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Iroffer.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Iroffer.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "20e1509c23d7ef14b15823e4c56b9a590e70c5b7960a04e94b662fc34152266c"
  logic_hash = "e650ee830b735a11088b628e865cd40a15054437ca05849f2eaa7838eac152e3"
  score = 75
@@ -65507,8 +65612,8 @@ rule ELASTIC_Windows_Trojan_Nighthawk_9F3A5Abb : FILE MEMORY
  date = "2022-11-24"
  modified = "2023-06-20"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Nighthawk.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Nighthawk.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "b775a8f7629966592cc7727e2081924a7d7cf83edd7447aa60627a2b67d87c94"
  logic_hash = "27a34e48141fe260c16c12a2652e440d2540ca5f0c84b41c9c4762dcab44ffd4"
  score = 75
@@ -65543,8 +65648,8 @@ rule ELASTIC_Windows_Trojan_Nighthawk_2A2E3B9D : FILE MEMORY
  date = "2022-11-24"
  modified = "2023-06-20"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Nighthawk.yar#L28-L47"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Nighthawk.yar#L28-L47"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "38881b87826f184cc91559555a3456ecf00128e01986a9df36a72d60fb179ccf"
  logic_hash = "c42605ebba900fafb4ec2d34d93bb7adb69e731ce151b82a95889dd0d738da00"
  score = 75
@@ -65573,8 +65678,8 @@ rule ELASTIC_Windows_Trojan_Nighthawk_23489175 : FILE MEMORY
  date = "2023-06-14"
  modified = "2023-07-10"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Nighthawk.yar#L49-L74"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Nighthawk.yar#L49-L74"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "697742d5dd071add40b700022fd30424cb231ffde223d21bd83a44890e06762f"
  logic_hash = "be41fc53f7098ca3cf718e8066a488196423ede993466c9a24ad2af387e03b24"
  score = 75
@@ -65609,8 +65714,8 @@ rule ELASTIC_Linux_Trojan_Xpmmap_7Dcc3534 : FILE MEMORY
  date = "2021-04-06"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xpmmap.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xpmmap.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "765546a981921187a4a2bed9904fbc2ccb2a5876e0d45c72e79f04a517c1bda3"
  logic_hash = "f88cc0f02797651e8cdf8e25b67a92f7825ec616b79df21daae798b613baf334"
  score = 75
@@ -65638,8 +65743,8 @@ rule ELASTIC_Macos_Virus_Maxofferdeal_53Df500F : FILE MEMORY
  date = "2021-10-05"
  modified = "2021-10-25"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Virus_Maxofferdeal.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Virus_Maxofferdeal.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "ecd62ef880da057726ca55c6826ce4e1584ec6fc3afaabed7f66154fc39ffef8"
  logic_hash = "ed63c14e31c200f906b525c7ef1cd671511a89c8833cfa1a605fc9870fe91043"
  score = 75
@@ -65667,8 +65772,8 @@ rule ELASTIC_Macos_Virus_Maxofferdeal_F4681Eba : FILE MEMORY
  date = "2021-10-05"
  modified = "2021-10-25"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Virus_Maxofferdeal.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Virus_Maxofferdeal.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "ecd62ef880da057726ca55c6826ce4e1584ec6fc3afaabed7f66154fc39ffef8"
  logic_hash = "cf478ec5313b40d74d110e4d6e97da5f671d5af331adc3ab059a69616e78c76c"
  score = 75
@@ -65696,8 +65801,8 @@ rule ELASTIC_Macos_Virus_Maxofferdeal_4091E373 : FILE MEMORY
  date = "2021-10-05"
  modified = "2021-10-25"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Virus_Maxofferdeal.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Virus_Maxofferdeal.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "c38c4bdd3c1fa16fd32db06d44d0db1b25bb099462f8d2936dbdd42af325b37c"
  logic_hash = "ce82f6d3a2e4b7ffe7010629bf91a9144a94e50513682a6c0622603d28248d51"
  score = 75
@@ -65725,8 +65830,8 @@ rule ELASTIC_Macos_Virus_Maxofferdeal_20A0091E : FILE MEMORY
  date = "2021-10-05"
  modified = "2021-10-25"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Virus_Maxofferdeal.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Virus_Maxofferdeal.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "b00a61c908cd06dbc26bee059ba290e7ce2ad6b66c453ea272c7287ffa29c5ab"
  logic_hash = "bb90b7e1637fd86e91763b4801a0b3bb8a1b956f328d07e96cf1b26e42b1931b"
  score = 75
@@ -65754,8 +65859,8 @@ rule ELASTIC_Linux_Exploit_CVE_2010_3301_79D52Efd : FILE MEMORY CVE_2010_3301
  date = "2021-04-06"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "53a2163ad17a414d9db95f5287d9981c9410e7eaeea096610ba622eb763a6970"
  logic_hash = "1d4eb14042f552aa1577d0fe452e92c25bda66d0ad1a66e824677bee65908578"
  score = 75
@@ -65783,8 +65888,8 @@ rule ELASTIC_Linux_Exploit_CVE_2010_3301_D0Eb0924 : FILE MEMORY CVE_2010_3301
  date = "2021-04-06"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "907995e90a80d3ace862f2ffdf13fd361762b5acc5397e14135d85ca6a61619b"
  logic_hash = "5229be3d1997ee4d05846d6804ffafd36c088dd8607a1fba39a0a43950e448c1"
  score = 75
@@ -65812,8 +65917,8 @@ rule ELASTIC_Linux_Exploit_CVE_2010_3301_A5828970 : FILE MEMORY CVE_2010_3301
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2010_3301.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4fc781f765a65b714ec27080f25c03f20e06830216506e06325240068ba62d83"
 logic_hash = "61b0cb38a6e14efee157547e811450d2ed4674f79ac86656a8d984084f71a665"
 score = 75
@@ -65841,8 +65946,8 @@ rule ELASTIC_Windows_Trojan_Lurker_0Ee51802 : FILE
 date = "2022-04-04"
 modified = "2022-06-09"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Lurker.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Lurker.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5718fd4f807e29e48a8b6a6f4484426ba96c61ec8630dc78677686e0c9ba2b87"
 logic_hash = "782926c927dce82b95e51634d5607c474937e1edc0f7f739acefa0f4c03aa753"
 score = 75
@@ -65870,8 +65975,8 @@ rule ELASTIC_Macos_Trojan_Getshell_F339D74C : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Getshell.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Getshell.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b2199c15500728a522c04320aee000938f7eb69d751a55d7e51a2806d8cd0fe7"
 logic_hash = "77a409f1a0ab5f87a77a6b2ffa2d4ff7bd6d86c0f685c524e2083585bb3fb764"
 score = 75
@@ -65899,8 +66004,8 @@ rule ELASTIC_Windows_Vulndriver_Sandra_5D112Feb : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Sandra.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Sandra.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3a364a7a3f6c0f2f925a060e84fb18b16c118125165b5ea6c94363221dc1b6de"
 logic_hash = "d234a1e74234400f51c2aa7a9fb1549be1bc422bdf585db7d2ec9ad1ec75e490"
 score = 75
@@ -65930,8 +66035,8 @@ rule ELASTIC_Windows_Vulndriver_Sandra_612A7A16 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Sandra.yar#L23-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Sandra.yar#L23-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "8fda0e1775d903b73836d4103f6e8b0e2f052026b3acdb07bd345b9ddb3c873a"
 score = 75
 quality = 75
@@ -65960,8 +66065,8 @@ rule ELASTIC_Windows_Trojan_Poshc2_E2D3881E : FILE MEMORY
 date = "2023-03-29"
 modified = "2023-04-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_PoshC2.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_PoshC2.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7a718a4f74656346bd9a2e29e008705fc2b1c4d167a52bd4f6ff10b3f2cd9395"
 logic_hash = "4f3e2a9f22826a155a3007193a0f75a5fde6e423734a60f30628ea3bb33d3457"
 score = 75
@@ -65996,8 +66101,8 @@ rule ELASTIC_Windows_Exploit_Ioring_1E4A8F47 : FILE MEMORY
 date = "2024-02-28"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Exploit_IoRing.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Exploit_IoRing.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ba2bd270bf3f312dfa3f77f0716edb634c90506c87f82c04aee09445d18738eb"
 logic_hash = "cbbea9a60bde13356ce88cd96aacaa02a3c99f4ae0b48c4ba84b72528a3d6b91"
 score = 75
@@ -66028,8 +66133,8 @@ rule ELASTIC_Linux_Ransomware_Monti_9C64F016 : FILE MEMORY
 date = "2023-07-27"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_Monti.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_Monti.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ad8d1b28405d9aebae6f42db1a09daec471bf342e9e0a10ab4e0a258a7fa8713"
 logic_hash = "c22a4efaaf97d68deaf1978e637dd7f790541e5007c6323629bcc9e3d4eecd06"
 score = 75
@@ -66060,8 +66165,8 @@ rule ELASTIC_Macos_Backdoor_Keyboardrecord_832F7Bac : FILE
 date = "2021-11-11"
 modified = "2022-07-22"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Backdoor_Keyboardrecord.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Backdoor_Keyboardrecord.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "570cd76bf49cf52e0cb347a68bdcf0590b2eaece134e1b1eba7e8d66261bdbe6"
 logic_hash = "5719681d50134edacb5341034314c33ed27e9325de0ae26b2a01d350429c533b"
 score = 75
@@ -66093,8 +66198,8 @@ rule ELASTIC_Linux_Trojan_Rooter_C8D08D3A : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Rooter.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Rooter.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f55e3aa4d875d8322cdd7caa17aa56e620473fe73c9b5ae0e18da5fbc602a6ba"
 logic_hash = "c91f3112cc61acec08ab3cd59bab2ae833ba0d8ac565ffb26a46982f38af0e71"
 score = 75
@@ -66122,8 +66227,8 @@ rule ELASTIC_Windows_Vulndriver_Rtkio_13B3C88B : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Rtkio.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Rtkio.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "478917514be37b32d5ccf76e4009f6f952f39f5553953544f1b0688befd95e82"
 logic_hash = "1e37650292884e28dcc51c42bc1b1d1e8efc13b0727f7865ff1dc7b8e1a72380"
 score = 75
@@ -66152,8 +66257,8 @@ rule ELASTIC_Windows_Vulndriver_Rtkio_D595781E : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Rtkio.yar#L22-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Rtkio.yar#L22-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4ed2d2c1b00e87b926fb58b4ea43d2db35e5912975f4400aa7bd9f8c239d08b7"
 logic_hash = "289eb17025d989cc74e109b1c03378e9760817a84f1a759153ff6ff6b6401e6d"
 score = 75
@@ -66182,8 +66287,8 @@ rule ELASTIC_Windows_Vulndriver_Rtkio_B09Af431 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Rtkio.yar#L43-L62"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Rtkio.yar#L43-L62"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b205835b818d8a50903cf76936fcf8160060762725bd74a523320cfbd091c038"
 logic_hash = "916a6e63dc4c7ee0bfdf4a455ee467a1d03c1042db60806511aa7cbf3b096190"
 score = 75
@@ -66212,8 +66317,8 @@ rule ELASTIC_Windows_Vulndriver_Rtkio_5693E967 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Rtkio.yar#L64-L83"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Rtkio.yar#L64-L83"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ab8f2217e59319b88080e052782e559a706fa4fb7b8b708f709ff3617124da89"
 logic_hash = "4cbc7a52de7f610cdb12bf40a9099bcfae818dcb5e4119a8c34499433aeebd7e"
 score = 75
@@ -66242,8 +66347,8 @@ rule ELASTIC_Windows_Vulndriver_Procexp_Aeb4E5C0 : FILE
 date = "2022-04-04"
 modified = "2022-10-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_ProcExp.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_ProcExp.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "440883cd9d6a76db5e53517d0ec7fe13d5a50d2f6a7f91ecfc863bc3490e4f5c"
 logic_hash = "827bb2efb6d3442233f81e87a42a3f5ee5caaeadc459070c6d347c6515866c93"
 score = 75
@@ -66273,8 +66378,8 @@ rule ELASTIC_Windows_Ransomware_Nightsky_A7F19411 : FILE MEMORY
 date = "2022-01-11"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Nightsky.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Nightsky.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1fca1cd04992e0fcaa714d9dfa97323d81d7e3d43a024ec37d1c7a2767a17577"
 logic_hash = "defc7ab43035c663302edfda60a4b57cb301b3d61662afe3ce1de2ac93cfc3e2"
 score = 75
@@ -66305,8 +66410,8 @@ rule ELASTIC_Windows_Ransomware_Nightsky_253C4D0D : FILE MEMORY
 date = "2022-03-14"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Nightsky.yar#L24-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Nightsky.yar#L24-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2c940a35025dd3847f7c954a282f65e9c2312d2ada28686f9d1dc73d1c500224"
 logic_hash = "ba9e6dab664e464e0fdc65bd8bdccc661846d85e7fd8fbf089e72e9e5b71fb17"
 score = 75
@@ -66334,8 +66439,8 @@ rule ELASTIC_Windows_Ransomware_Sodinokibi_83F05Fbe : BETA FILE MEMORY
 date = "2020-06-18"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.revil"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Sodinokibi.yar#L1-L34"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Sodinokibi.yar#L1-L34"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "c88fc2690deae3700e605b2affb5ecac3d1ffc92435f33209f31897d28715b8c"
 score = 75
 quality = 73
@@ -66376,8 +66481,8 @@ rule ELASTIC_Windows_Ransomware_Sodinokibi_182B2Cea : BETA FILE MEMORY
 date = "2020-06-18"
 modified = "2021-10-04"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.revil"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Sodinokibi.yar#L36-L62"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Sodinokibi.yar#L36-L62"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "1c23effe5f8b35c5e03ebd5e57664c8937259d464f92dda0a9df344b982e8f8c"
 score = 75
 quality = 75
@@ -66411,8 +66516,8 @@ rule ELASTIC_Windows_Ransomware_Sodinokibi_A282Ba44 : BETA FILE MEMORY
 date = "2020-06-18"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.revil"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Sodinokibi.yar#L64-L91"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Sodinokibi.yar#L64-L91"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "3a583069c9ab851a90f3a61c9c4fa67f8b918b8d168fcf7f25b2a3ae3465c596"
 score = 75
 quality = 75
@@ -66447,8 +66552,8 @@ rule ELASTIC_Windows_Hacktool_Sharprdp_80895Fcb : FILE MEMORY
 date = "2022-11-20"
 modified = "2023-01-11"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_SharpRDP.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_SharpRDP.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6e909861781a8812ee01bc59435fd73fd34da23fa9ad6d699eefbf9f84629876"
 logic_hash = "ef9a92f2ed29f508dca591e9c65a6ce0013ccdfd0c62770e8840be2f3ee5982e"
 score = 75
@@ -66480,8 +66585,8 @@ rule ELASTIC_Windows_Hacktool_Sharpsccm_9Bef8Dab : FILE MEMORY
 date = "2024-03-25"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_SharpSCCM.yar#L1-L31"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_SharpSCCM.yar#L1-L31"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2e169c4fd16627029445bb0365a2f9ee61ab6b3757b8ad02fd210ce85dc9c97f"
 logic_hash = "560c780934a63b3c857a09841c09cbc350205868c696fac958e249e1379cc865"
 score = 75
@@ -66521,8 +66626,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_17Ee6A17 : FILE MEMORY
 date = "2021-06-12"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_RedLineStealer.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_RedLineStealer.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "497bc53c1c75003fe4ae3199b0ff656c085f21dffa71d00d7a3a33abce1a3382"
 logic_hash = "0c868d0673c01e2c115d6822c34c877db77265251167f3a890a448a1de5c6a2d"
 score = 75
@@ -66558,8 +66663,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_F54632Eb : FILE MEMORY
 date = "2021-06-12"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_RedLineStealer.yar#L29-L56"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_RedLineStealer.yar#L29-L56"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25"
 logic_hash = "1779919556ee5c9a78342aabafb8408e035cb39632b25c54da6bf195894901dc"
 score = 75
@@ -66596,8 +66701,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_3D9371Fd : FILE MEMORY
 date = "2022-02-17"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_RedLineStealer.yar#L58-L82"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_RedLineStealer.yar#L58-L82"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0ec522dfd9307772bf8b600a8b91fd6facd0bf4090c2b386afd20e955b25206a"
 logic_hash = "1c8a64ce7615f502602ab960638dd55f4deaeea3b49d894274d64d4d0b6a1d10"
 score = 75
@@ -66631,8 +66736,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_63E7E006 : FILE MEMORY
 date = "2023-05-01"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_RedLineStealer.yar#L84-L104"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_RedLineStealer.yar#L84-L104"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e062c99dc9f3fa780ea9c6249fa4ef96bbe17fd1df38dbe11c664a10a92deece"
 logic_hash = "2085eaf622b52372124e9b23d19e3e4a7fdb7a4559ad9a09216c1cbae96ca5b6"
 score = 75
@@ -66662,8 +66767,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_F07B3Cb4 : FILE MEMORY
 date = "2023-05-03"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_RedLineStealer.yar#L106-L125"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_RedLineStealer.yar#L106-L125"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5e491625475fc25c465fc7f6db98def189c15a133af7d0ac1ecbc8d887c4feb6"
 logic_hash = "64536e3b340254554154ac1b33adfb4f3c72a2c6c0d1ef27827621b905d431c5"
 score = 75
@@ -66692,8 +66797,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_4Df4Bcb6 : FILE MEMORY
 date = "2023-05-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_RedLineStealer.yar#L127-L145"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_RedLineStealer.yar#L127-L145"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9389475bd26c1d3fd04a083557f2797d0ee89dfdd1f7de67775fcd19e61dfbb3"
 logic_hash = "d9027fa9c8d9c938159a734431bb2be67fd7cca1f898c2208f7b909157524da4"
 score = 75
@@ -66721,8 +66826,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_15Ee6903 : FILE MEMORY
 date = "2023-05-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_RedLineStealer.yar#L147-L166"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_RedLineStealer.yar#L147-L166"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "46b506cafb2460ca2969f69bcb0ee0af63b6d65e6b2a6249ef7faa21bde1a6bd"
 logic_hash = "22c8a1f4b5b94261cfabdbcc00e45b9437a0132d4e9d4543b734d4f303336696"
 score = 75
@@ -66751,8 +66856,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_6Dfafd7B : FILE MEMORY
 date = "2024-01-05"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_RedLineStealer.yar#L168-L186"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_RedLineStealer.yar#L168-L186"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "809e303ba26b894f006b8f2d3983ff697aef13b67c36957d98c56aae9afd8852"
 logic_hash = "888bc2fdfae8673cd6bce56fc9894b3cab6d7e3c384d854d6bc8aef47fdecf1c"
 score = 75
@@ -66780,8 +66885,8 @@ rule ELASTIC_Windows_Trojan_Redlinestealer_983Cd7A7 : FILE MEMORY
 date = "2024-03-27"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_RedLineStealer.yar#L188-L208"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_RedLineStealer.yar#L188-L208"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7aa20c57b8815dd63c8ae951e1819c75b5d2deec5aae0597feec878272772f35"
 logic_hash = "2104bad5ec42bc72ec611607a53086a85359bdb4bf084d7377e9a8e234b0e928"
 score = 75
@@ -66811,8 +66916,8 @@ rule ELASTIC_Windows_Trojan_Caesarkbd_32Bb198B : FILE
 date = "2022-04-04"
 modified = "2022-06-09"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CaesarKbd.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CaesarKbd.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d4335f4189240a3bcafa05fab01f0707cc8e3dd7a2998af734c24916d9e37ca8"
 logic_hash = "f708706524515f98ebf612ac98318ee7172347096251d9ccd723f439070521de"
 score = 75
@@ -66840,8 +66945,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_Cfa94001 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Vmsplice.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Vmsplice.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0a26e67692605253819c489cd4793a57e86089d50150124394c30a8801bf33e6"
 logic_hash = "b5a86a79384997f977d353371ccaa8c736f5c24af40b85a24076d4c4fb79a237"
 score = 75
@@ -66869,8 +66974,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_A000F267 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Vmsplice.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Vmsplice.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c85cc6768a28fb7de16f1cad8d3c69d8f0b4aa01e00c8e48759d27092747ca6f"
 logic_hash = "2a8cb11bb21f2ce620a6fa1f0fb932bef60a479fac836058ec4e8c760b5d60f9"
 score = 75
@@ -66898,8 +67003,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_8B9E4F9F : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Vmsplice.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Vmsplice.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0230c81ba747e588cd9b6113df6e1867dcabf9d8ada0c1921d1bffa9c1b9c75d"
 logic_hash = "6979a900a2532a8da36711f3ffe13f71ec4efa7771aa2feec9391bd031aaa023"
 score = 75
@@ -66927,8 +67032,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_055F88B8 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Vmsplice.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Vmsplice.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "607c8c5edc8cbbd79a40ce4a0eccf46e01447985d9415d1eff6a91bf64074507"
 logic_hash = "29e59bb372f0b37b507c72e5b5bcb27ba0fa2aaac71ea77f0cab85af31708c8a"
 score = 75
@@ -66956,8 +67061,8 @@ rule ELASTIC_Linux_Exploit_Vmsplice_431E689D : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "1cbb09223f16af4cd13545d72dbeeb996900535b1e279e4bcf447670728de1e1" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Vmsplice.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Vmsplice.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "5b9a7ffcd6fc6893a8224fd2b9ca59f4cff6086669a73190114db510a1ad9ff2" score = 75 quality = 75 @@ -66984,8 +67089,8 @@ rule ELASTIC_Linux_Cryptominer_Presenoker_3Bb5533D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Presenoker.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Presenoker.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "bbc155c610c7aa439f98e32f97895d7eeaef06dab7cca05a5179b0eb3ba3cc00" logic_hash = "13bf69ea6bc7df5ba9ebffe67234657f2ecab99e28fd76d0bbedceaf9706a4dd" score = 75 
@@ -67013,8 +67118,8 @@ rule ELASTIC_Linux_Trojan_Swrort_5Ad1A4F9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Swrort.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Swrort.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "fa5695c355a6dc1f368a4b36a45e8f18958dacdbe0eac80c618fbec976bac8fe" logic_hash = "3a1fa978e0c8ab0dd4e7965a3f91306d6123c19f21b86d3f8088979bf58c3a07" score = 75 @@ -67042,8 +67147,8 @@ rule ELASTIC_Linux_Trojan_Swrort_4Cb5B116 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Swrort.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Swrort.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "703c16d4fcc6f815f540d50d8408ea00b4cf8060cc5f6f3ba21be047e32758e0" logic_hash = "9404856fc3290f3a8f9bf891fde9a614fc4484719eb3b51ce7ab601a41e0c3a5" score = 75 
@@ -67071,8 +67176,8 @@ rule ELASTIC_Linux_Trojan_Swrort_22C2D6B6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Swrort.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Swrort.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "6df073767f48dd79f98e60aa1079f3ab0b89e4f13eedc1af3c2c073e5e235bbc" logic_hash = "f661544d267a55feec786ab3d4fc4f002afa8e2b58833461f56b745ec65acfd4" score = 75 @@ -67100,8 +67205,8 @@ rule ELASTIC_Windows_Ransomware_Hellokitty_8859E8E8 : FILE MEMORY date = "2021-05-03" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Hellokitty.yar#L1-L32" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Hellokitty.yar#L1-L32" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "3ae7bedf236d4e53a33f3a3e1e80eae2d93e91b1988da2f7fcb8fde5dcc3a0e9" logic_hash = "72cc718724d9d9a391a9f7a0932ebf397c2ab79558437533bef6e380b06baff9" score = 75 
@@ -67142,8 +67247,8 @@ rule ELASTIC_Windows_Ransomware_Hellokitty_4B668121 : FILE MEMORY date = "2021-05-03" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Hellokitty.yar#L34-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Hellokitty.yar#L34-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "9a7daafc56300bd94ceef23eac56a0735b63ec6b9a7a409fb5a9b63efe1aa0b0" logic_hash = "00c7a492c304f12b9909e35cf069618a1103311a69e3e8951ca196c3c663b12a" score = 75 @@ -67178,8 +67283,8 @@ rule ELASTIC_Windows_Ransomware_Hellokitty_D9391A1A : FILE MEMORY date = "2021-05-03" modified = "2023-01-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Hellokitty.yar#L61-L80" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Hellokitty.yar#L61-L80" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "10887d13dba1f83ef34e047455a04416d25a83079a7f3798ce3483e0526e3768" logic_hash = "074ca47c0526d9828f3c07c7d6dbdd1cec609670d70340b022ae2c712ad80305" score = 75 
@@ -67208,8 +67313,8 @@ rule ELASTIC_Windows_Vulndriver_Segwin_04A3962E : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Segwin.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Segwin.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "65329dad28e92f4bcc64de15c552b6ef424494028b18875b7dba840053bc0cdd" logic_hash = "1e9ba5fc78f2b4eeee56314c9e8cf3071817d726b44cb8510f8d7069e85ab7bf" score = 75 @@ -67239,8 +67344,8 @@ rule ELASTIC_Windows_Trojan_Cybergate_517Aac7D : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CyberGate.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CyberGate.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "07b8f25e7b536f5b6f686c12d04edc37e11347c8acd5c53f98a174723078c365" logic_hash = "50e061d0c358655c03b95ccbe2d05e252501c3e6afd21dd20513019cd67e6147" score = 75 
@@ -67272,8 +67377,8 @@ rule ELASTIC_Windows_Trojan_Cybergate_9996D800 : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CyberGate.yar#L25-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CyberGate.yar#L25-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "07b8f25e7b536f5b6f686c12d04edc37e11347c8acd5c53f98a174723078c365" logic_hash = "efefc171b6390c9792145973708358f62b18b8d0180feacaf5b9267563c3f7cc" score = 75 @@ -67301,8 +67406,8 @@ rule ELASTIC_Windows_Trojan_Cybergate_C219A2F3 : FILE MEMORY date = "2023-05-04" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CyberGate.yar#L45-L64" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CyberGate.yar#L45-L64" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "b7204f8caf6ace6ae1aed267de0ad6b39660d0e636d8ee0ecf88135f8a58dc42" logic_hash = "8075892728c610c1ceacd0df54615d2a3e833d728d631a9bf81311e8c6485f6e" score = 75 
@@ -67331,8 +67436,8 @@ rule ELASTIC_Windows_Vulndriver_Ryzen_7Df5A747 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Ryzen.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Ryzen.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "a13054f349b7baa8c8a3fcbd31789807a493cc52224bbff5e412eb2bd52a6433" logic_hash = "192b51f0bbd2cab4c1d3da6f82fbee7129a53abaa6e8769d3681821112017824" score = 75 @@ -67362,8 +67467,8 @@ rule ELASTIC_Windows_Vulndriver_Ryzen_9B01C718 : FILE date = "2023-01-22" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Ryzen.yar#L23-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Ryzen.yar#L23-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "bb82d8c29127955d58dff58978605a9daa718425c74c4bce5ae3e53712909148" logic_hash = "5734f6a249656f22a2a363b42ae77b5e6b7673bc96bad34b04b1be7f2b584b08" score = 75 
@@ -67393,8 +67498,8 @@ rule ELASTIC_Macos_Backdoor_Useragent_1A02Fc3A : FILE MEMORY date = "2021-11-11" modified = "2022-07-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Backdoor_Useragent.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Backdoor_Useragent.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "623f99cbe20af8b79cbfea7f485d47d3462d927153d24cac4745d7043c15619a" logic_hash = "90debdfc24ef100952302808a2e418bca2a46be3e505add9a0ccf4c49aff5102" score = 75 @@ -67426,8 +67531,8 @@ rule ELASTIC_Linux_Cryptominer_Pgminer_Ccf88A37 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Pgminer.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Pgminer.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "3afc8d2d85aca61108d21f82355ad813eba7a189e81dde263d318988c5ea50bd" logic_hash = "77833cdb319bc8e22db2503478677d5992774105f659fe7520177a691c83aa91" score = 75 
@@ -67455,8 +67560,8 @@ rule ELASTIC_Linux_Cryptominer_Pgminer_5Fb2Efd5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Pgminer.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Pgminer.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "6d296648fdbc693e604f6375eaf7e28b87a73b8405dc8cd3147663b5e8b96ff0" logic_hash = "4c247f40c9781332f04f82a244f6e8e22c9c744963f736937eddecf769b40a54" score = 75 @@ -67484,8 +67589,8 @@ rule ELASTIC_Windows_Vulndriver_Biostar_D6Cc23Af : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Biostar.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Biostar.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "1d0397c263d51e9fc95bcc8baf98d1a853e1c0401cd0e27c7bf5da3fba1c93a8" logic_hash = "6a1f5de3a0daf446ceb812a9f5749410a3a7752dce44e935adc288c95816f59d" score = 75 
@@ -67515,8 +67620,8 @@ rule ELASTIC_Windows_Vulndriver_Biostar_68682378 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Biostar.yar#L23-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Biostar.yar#L23-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "55fee54c0d0d873724864dc0b2a10b38b7f40300ee9cae4d9baaf8a202c4049a" logic_hash = "8510de6fc33bde153f3bd4d1bb8b0d98ce69aae479d242c6043ac8c712dbb888" score = 75 @@ -67546,8 +67651,8 @@ rule ELASTIC_Windows_Vulndriver_Biostar_684A5123 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Biostar.yar#L45-L65" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Biostar.yar#L45-L65" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "d205286bffdf09bc033c09e95c519c1c267b40c2ee8bab703c6a2d86741ccd3e" logic_hash = "7c0c7e14f9b5085a87e5dbe27feb8e49bdb4d2fdcfbcbc643999d7969d118240" score = 75 
@@ -67577,8 +67682,8 @@ rule ELASTIC_Windows_Vulndriver_Biostar_E0B6Cf55 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Biostar.yar#L67-L85" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Biostar.yar#L67-L85" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e" logic_hash = "dccbf6fa46de1a8bc6438578b651055e2d02d15bd04461be74059e6fde40fca3" score = 75 @@ -67606,8 +67711,8 @@ rule ELASTIC_Windows_Hacktool_Blackbone_2Ff5Ec38 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_BlackBone.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_BlackBone.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "4e3887f950bff034efedd40f1e949579854a24140128246fa6141f2c34de6017" logic_hash = "0c32bd04460cdf7a56664253992a684c2c684b15ac9ca853b27ab24f07f71607" score = 75 
@@ -67635,8 +67740,8 @@ rule ELASTIC_Windows_Trojan_Deimos_F53Aee03 : FILE MEMORY date = "2021-09-18" modified = "2022-01-13" reference = "https://www.elastic.co/security-labs/going-coast-to-coast-climbing-the-pyramid-with-the-deimos-implant" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Deimos.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Deimos.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "2c1941847f660a99bbc6de16b00e563f70d900f9dbc40c6734871993961d3d3e" logic_hash = "07675844a8790f8485b6545e7466cdef8ac4f92dec4cd8289aeaad2a0a448691" score = 75 @@ -67666,8 +67771,8 @@ rule ELASTIC_Windows_Trojan_Deimos_C70677B4 : FILE MEMORY date = "2021-09-18" modified = "2022-01-13" reference = "https://www.elastic.co/security-labs/going-coast-to-coast-climbing-the-pyramid-with-the-deimos-implant" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Deimos.yar#L24-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Deimos.yar#L24-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "2c1941847f660a99bbc6de16b00e563f70d900f9dbc40c6734871993961d3d3e" logic_hash = "c969221f025b114b9d5738d43b6021ab9481dbc6b35eb129ea4f806160b1adc3" score = 75 
@@ -67696,8 +67801,8 @@ rule ELASTIC_Windows_Trojan_Twistedtinsel_Aa56E527 : FILE MEMORY date = "2023-12-06" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_TwistedTinsel.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_TwistedTinsel.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "ef1cbdf9a23ae028a858e1d09529982eaeda61197ae029e091918690d3a86e2e" logic_hash = "de31d0a5560baf6b37897eba3a637b00b539f542a2620983c3407a6898e003c7" score = 75 @@ -67726,8 +67831,8 @@ rule ELASTIC_Linux_Cryptominer_Ursu_3C05F8Ab : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Ursu.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Ursu.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "d72361010184f5a48386860918052dbb8726d40e860ea0287994936702577956" logic_hash = "8261e4ee40131cd7df61914cd7bdf154e8a2b5fa3abd9d301436f9371253f510" score = 75 
@@ -67755,8 +67860,8 @@ rule ELASTIC_Windows_Trojan_Blackshades_9D095C44 : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_BlackShades.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_BlackShades.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "e58e352edaa8ae7f95ab840c53fcaf7f14eb640df9223475304788533713c722" logic_hash = "2a2e6325d3de9289cc8bc26e1fe89a8fa81d9aae50b92ba2cf21c4cc6556ac9e" score = 75 @@ -67791,8 +67896,8 @@ rule ELASTIC_Windows_Trojan_Blackshades_Be382Dac : FILE MEMORY date = "2022-02-28" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_BlackShades.yar#L28-L46" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_BlackShades.yar#L28-L46" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "e58e352edaa8ae7f95ab840c53fcaf7f14eb640df9223475304788533713c722" logic_hash = "a13e37e7930d2d1ed1aa4fdeb282f11bfeb7fe008625589e2bfeab0beea43580" score = 75 
@@ -67820,8 +67925,8 @@ rule ELASTIC_Windows_Trojan_Babylonrat_0F66E73B : FILE MEMORY date = "2021-09-02" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Babylonrat.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Babylonrat.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "4278064ec50f87bb0471053c068b13955ed9d599434e687a64bf2060438a7511" logic_hash = "66223dc9e2ef7330e26c91f0c82c555e96e4c794a637ab2cbe36410f3eca202a" score = 75 @@ -67852,8 +67957,8 @@ rule ELASTIC_Multi_Ransomware_Luna_8614D3D7 : FILE MEMORY date = "2022-08-02" modified = "2022-08-16" reference = "https://www.elastic.co/security-labs/luna-ransomware-attack-pattern" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Multi_Ransomware_Luna.yar#L1-L27" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Multi_Ransomware_Luna.yar#L1-L27" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "1cbbf108f44c8f4babde546d26425ca5340dccf878d306b90eb0fbec2f83ab51" logic_hash = "14e40c5b1a21ba31664ed31b04bfc4a8646b3e31f96d39e0928a3d6a50d79307" score = 75 
@@ -67888,8 +67993,8 @@ rule ELASTIC_Windows_Ransomware_Mountlocker_126A76E2 : FILE MEMORY date = "2021-06-10" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Mountlocker.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Mountlocker.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "4a5ac3c6f8383cc33c795804ba5f7f5553c029bbb4a6d28f1e4d8fb5107902c1" logic_hash = "5a5e157a245a75033abbe6bc7aa66fe6af6d91dc30abe1fdadce85f8f3905b1e" score = 75 @@ -67921,8 +68026,8 @@ rule ELASTIC_Windows_Ransomware_Generic_99F5A632 : FILE MEMORY date = "2022-02-24" modified = "2022-02-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Generic.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Generic.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "4dc13bb83a16d4ff9865a51b3e4d24112327c526c1392e14d56f20d6f4eaf382" logic_hash = "2284cfc91d17816f1733e8fe319af52bc66af467364d27f84e213082c216ae8b" score = 75 
@@ -67953,8 +68058,8 @@ rule ELASTIC_Multi_Trojan_Coreimpact_37703Dc3 : FILE MEMORY date = "2022-08-10" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Multi_Trojan_Coreimpact.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Multi_Trojan_Coreimpact.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "2d954908da9f63cd3942c0df2e8bb5fe861ac5a336ddef2bd0a977cebe030ad7" logic_hash = "0695f22d6eb8c1b335c43213087539db419562bebd6f5b948cbb168c454bd37c" score = 75 @@ -67986,8 +68091,8 @@ rule ELASTIC_Windows_Trojan_Sysjoker_1Ef19A12 : FILE MEMORY date = "2022-02-17" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_SysJoker.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_SysJoker.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "61df74731fbe1eafb2eb987f20e5226962eeceef010164e41ea6c4494a4010fc" logic_hash = "25bd58d546549d208f9f95f4c27d1e58f86f87750dae1e293544cc92b25f8b32" score = 75 
@@ -68018,8 +68123,8 @@ rule ELASTIC_Windows_Trojan_Sysjoker_34559Bcd : FILE MEMORY date = "2022-02-21" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_SysJoker.yar#L24-L48" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_SysJoker.yar#L24-L48" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "1ffd6559d21470c40dcf9236da51e5823d7ad58c93502279871c3fe7718c901c" logic_hash = "ebe7f6037f14e37b6efe81614c06c6d26fe0cc17d0475b8b19715f80d0d9aad3" score = 75 @@ -68053,8 +68158,8 @@ rule ELASTIC_Linux_Exploit_CVE_2009_2908_406C2Fef : FILE MEMORY CVE_2009_2908 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2009_2908.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2009_2908.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "1e05a23f5b3b9cfde183aec26b723147e1816b95dc0fb7f9ac57376efcb22fcd" logic_hash = "ae379ca7564eb97f141f6ad71ca12973bf1a38cda4bc03e3f4dca1939a9b6b38" score = 75 
@@ -68082,8 +68187,8 @@ rule ELASTIC_Windows_Trojan_Nanocore_D8C4E3C5 : FILE MEMORY
 date = "2021-06-13"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Nanocore.yar#L1-L29"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Nanocore.yar#L1-L29"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b2262126a955e306dc68487333394dc08c4fbd708a19afeb531f58916ddb1cfd"
 logic_hash = "fcc13e834cd8a1f86b453fe3c0333cd358e129d6838a339a824f1a095d85552d"
 score = 75
@@ -68121,8 +68226,8 @@ rule ELASTIC_Macos_Backdoor_Applejeus_31872Ae2 : FILE MEMORY
 date = "2021-10-18"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Backdoor_Applejeus.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Backdoor_Applejeus.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e352d6ea4da596abfdf51f617584611fc9321d5a6d1c22aff243aecdef8e7e55"
 logic_hash = "1d6f06668a7d048a93e53b294c5ab8ffe4cd610f3bef3fd80f14425ef8a85a29"
 score = 75
@@ -68150,8 +68255,8 @@ rule ELASTIC_Linux_Ransomware_Echoraix_Ea9532Df : FILE MEMORY
 date = "2023-07-27"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_EchoRaix.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_EchoRaix.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "dfe32d97eb48fb2afc295eecfda3196cba5d27ced6217532d119a764071c6297"
 logic_hash = "4944f5a2632bfe0abebfa6f658ed3f71e4d97efcb428ed0987e2071dfd66e6a9"
 score = 75
@@ -68179,8 +68284,8 @@ rule ELASTIC_Linux_Ransomware_Echoraix_Ee0C719A : FILE MEMORY
 date = "2023-07-29"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_EchoRaix.yar#L21-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_EchoRaix.yar#L21-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e711b2d9323582aa390cf34846a2064457ae065c7d2ee1a78f5ed0859b40f9c0"
 logic_hash = "3ca12ea0f1794935ea570dda83f33d04ffb19b6664cc1c8b1cbeed59ac04a01a"
 score = 75
@@ -68209,8 +68314,8 @@ rule ELASTIC_Windows_Trojan_Microbackdoor_903E33C3 : FILE MEMORY
 date = "2022-03-07"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_MicroBackdoor.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_MicroBackdoor.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "fbbfcc81a976b57739ef13c1545ea4409a1c69720469c05ba249a42d532f9c21"
 logic_hash = "5f96f68df442eb1da21d87c3ae954c4e36cf87db583cbef1775f8ca9e76b776e"
 score = 75
@@ -68238,8 +68343,8 @@ rule ELASTIC_Windows_Trojan_Microbackdoor_46F2E5Fd : FILE MEMORY
 date = "2022-03-07"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_MicroBackdoor.yar#L21-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_MicroBackdoor.yar#L21-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "fbbfcc81a976b57739ef13c1545ea4409a1c69720469c05ba249a42d532f9c21"
 logic_hash = "580be4c5b058916c2bc67a7964522a7c369bb254394e3cedbf0da025105231c4"
 score = 75
@@ -68272,8 +68377,8 @@ rule ELASTIC_Windows_Hacktool_Rubeus_43F18623 : FILE MEMORY
 date = "2022-10-20"
 modified = "2022-11-24"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_Rubeus.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_Rubeus.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b7b4691ad1cdad7663c32d07e911a03d9cc8b104f724c2825fd4957007649235"
 logic_hash = "8714f30e12c0dc61c83491a71dbf9f1e9b6bc66663a8f2c069e7a7841d52cf68"
 score = 75
@@ -68309,8 +68414,8 @@ rule ELASTIC_Windows_Trojan_Privateloader_96Ac2734 : FILE MEMORY
 date = "2023-01-03"
 modified = "2023-02-01"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_PrivateLoader.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_PrivateLoader.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "077225467638a420cf29fb9b3f0241416dcb9ed5d4ba32fdcf2bf28f095740bb"
 logic_hash = "9f96f1c54853866e124d0996504e6efd3d154111390617999cc10520d7f68fe6"
 score = 75
@@ -68341,8 +68446,8 @@ rule ELASTIC_Windows_Ransomware_Blackmatter_B548D151 : FILE MEMORY
 date = "2021-08-03"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Blackmatter.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Blackmatter.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "072158f5588440e6c94cb419ae06a27cf584afe3b0cb09c28eff0b4662c15486"
 logic_hash = "cf76a311de9d292a2ea09b3937b8eb7fd761b7c33a464a31acf6b9a5bf121959"
 score = 75
@@ -68370,8 +68475,8 @@ rule ELASTIC_Windows_Ransomware_Blackmatter_8394F6D5 : FILE MEMORY
 date = "2021-08-03"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Blackmatter.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Blackmatter.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "072158f5588440e6c94cb419ae06a27cf584afe3b0cb09c28eff0b4662c15486"
 logic_hash = "50a9b65ca6dde4fc32d2d57e72042f4380dd6c263ec5c33ce7c158151b91a5ae"
 score = 75
@@ -68399,8 +68504,8 @@ rule ELASTIC_Windows_Vulndriver_Eneio_6E01882F : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_EneIo.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_EneIo.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "175eed7a4c6de9c3156c7ae16ae85c554959ec350f1c8aaa6dfe8c7e99de3347"
 logic_hash = "144ac5375cb637b6301a2275f2412fbd0d0c5fb23105c7cce5aa7912cf68fa2c"
 score = 75
@@ -68428,8 +68533,8 @@ rule ELASTIC_Windows_Trojan_Pipedance_01C18057 : FILE MEMORY
 date = "2023-02-02"
 modified = "2023-02-22"
 reference = "https://www.elastic.co/security-labs/twice-around-the-dance-floor-with-pipedance"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_PipeDance.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_PipeDance.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9d3f739e35182992f1e3ade48b8999fb3a5049f48c14db20e38ee63eddc5a1e7"
 logic_hash = "0c03a725ae930eb829d6a6a9f681489d61aa7f69e72b6b298776f75a98115398"
 score = 75
@@ -68464,8 +68569,8 @@ rule ELASTIC_Multi_Trojan_Sliver_42298C4A : FILE MEMORY
 date = "2021-10-20"
 modified = "2022-01-14"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Multi_Trojan_Sliver.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Multi_Trojan_Sliver.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3b45aae401ac64c055982b5f3782a3c4c892bdb9f9a5531657d50c27497c8007"
 logic_hash = "a84bdb51fcdeb4629365bdb727b53087604ee0eb112c8d6c3ecf315598ec678a"
 score = 75
@@ -68499,8 +68604,8 @@ rule ELASTIC_Multi_Trojan_Sliver_3Bde542D : FILE MEMORY
 date = "2022-08-31"
 modified = "2022-09-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Multi_Trojan_Sliver.yar#L27-L50"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Multi_Trojan_Sliver.yar#L27-L50"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "05461e1c2a2e581a7c30e14d04bd3d09670e281f9f7c60f4169e9614d22ce1b3"
 logic_hash = "23a0e28c1423f577a147efdf927f2dc71871760e38d4d7494ead2920b90ef05e"
 score = 75
@@ -68533,8 +68638,8 @@ rule ELASTIC_Multi_Trojan_Sliver_3D6B7Cd3 : FILE MEMORY
 date = "2022-12-01"
 modified = "2023-09-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Multi_Trojan_Sliver.yar#L52-L88"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Multi_Trojan_Sliver.yar#L52-L88"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9846124cfd124eed466465d187eeacb4d405c558dd84ba8e575d8a7b3290403e"
 logic_hash = "3cbd3358b7d59d6a2912069f4cb8de005b6fafd61e44111d1f6cf0418eb2d1fc"
 score = 75
@@ -68580,8 +68685,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_B97Baf37 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Dropperl.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Dropperl.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "aff94f915fc81d5a2649ebd7c21ec8a4c2fc0d622ec9b790b43cc49f7feb83da"
 logic_hash = "e58130c33242bc3020602c2c0254bed2bbc564c4a11806c6cfcd858fd724c362"
 score = 75
@@ -68609,8 +68714,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_E2443Be5 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Dropperl.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Dropperl.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "aff94f915fc81d5a2649ebd7c21ec8a4c2fc0d622ec9b790b43cc49f7feb83da"
 logic_hash = "85733ff904cfa3eddaa4c4fbfc51c00494c3a3725e2eb722bbf33c82e7135336"
 score = 75
@@ -68638,8 +68743,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_683C2Ba1 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Dropperl.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Dropperl.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a02e166fbf002dd4217c012f24bb3a8dbe310a9f0b0635eb20a7d315049367e1"
 logic_hash = "eef2bdef7e20633f7dc92f653b43e3a217e8cbdbac63d05540bdd520e22dd1ed"
 score = 75
@@ -68667,8 +68772,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_8Bca73F6 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Dropperl.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Dropperl.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e7c17b7916b38494b9a07c249acb99499808959ba67125c29afec194ca4ae36c"
 logic_hash = "2cfad4e436198391185fdae5c4af18ae43841db19da33473fdf18b64b0399613"
 score = 75
@@ -68696,8 +68801,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_C4018572 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Dropperl.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Dropperl.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c1515b3a7a91650948af7577b613ee019166f116729b7ff6309b218047141f6d"
 logic_hash = "10d70540532c5c2984dc7e492672450924cb8f34c8158638191886057596b0a1"
 score = 75
@@ -68725,8 +68830,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_733C0330 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Dropperl.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Dropperl.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b303f241a2687dba8d7b4987b7a46b5569bd2272e2da3e0c5e597b342d4561b6"
 logic_hash = "37bf7777e26e556f09b8cb0e7e3c8425226a6412c3bed0d95fdab7229b6f4815"
 score = 75
@@ -68754,8 +68859,8 @@ rule ELASTIC_Linux_Trojan_Dropperl_39F4Cd0D : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Dropperl.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Dropperl.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c08e1347877dc77ad73c1e017f928c69c8c78a0e3c16ac5455668d2ad22500f3"
 logic_hash = "5b61f54604b110d2c8efaf1782a2e520baac96c6d3e8d1eda0877475c504bf89"
 score = 75
@@ -68783,8 +68888,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_A1311F49 : FILE MEMORY
 date = "2023-10-06"
 modified = "2023-10-26"
 reference = "https://www.elastic.co/security-labs/ghostpulse-haunts-victims-using-defense-evasion-bag-o-tricks"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_GhostPulse.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_GhostPulse.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0175448655e593aa299278d5f11b81f2af76638859e104975bdb5d30af5c0c11"
 logic_hash = "21838f230ac1a77f09d01d30f4ea3b66313618660e63ab7012b030e0b819547e"
 score = 75
@@ -68813,8 +68918,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_3Fe1D02D : FILE MEMORY
 date = "2023-10-12"
 modified = "2023-10-26"
 reference = "https://www.elastic.co/security-labs/ghostpulse-haunts-victims-using-defense-evasion-bag-o-tricks"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_GhostPulse.yar#L23-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_GhostPulse.yar#L23-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "4ef78d436a153ed751a8483c1e43ec2ba053dedfa0da2780fded42012d3042c1"
 score = 75
 quality = 75
@@ -68841,8 +68946,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_3673D337 : FILE MEMORY
 date = "2023-12-11"
 modified = "2024-01-12"
 reference = "https://www.elastic.co/security-labs/ghostpulse-haunts-victims-using-defense-evasion-bag-o-tricks"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_GhostPulse.yar#L43-L63"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_GhostPulse.yar#L43-L63"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3013ba32838f6d97d7d75e25394f9611b1c5def94d93588f0a05c90b25b7d6d5"
 logic_hash = "a92815f27533338e17afd5ebdbe82e382636fb81167a82d1b613c0dccc5b7ed3"
 score = 75
@@ -68871,8 +68976,8 @@ rule ELASTIC_Windows_Trojan_Ghostpulse_8Ae8310B : FILE MEMORY
 date = "2024-05-27"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_GhostPulse.yar#L65-L84"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_GhostPulse.yar#L65-L84"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5b64f91b41a7390d89cd3b1fccf02b08b18b7fed17a43b0bfac63d75dc0df083"
 logic_hash = "b3873a3c728e98d65984033620c0ac8ee93be21db5b6d9bd4665b9f7d0d759fa"
 score = 75
@@ -68901,8 +69006,8 @@ rule ELASTIC_Windows_Trojan_Amadey_7Abb059B : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Amadey.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Amadey.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e"
 logic_hash = "23b75d6df9e2a7f8e1efee46ecaf1fc84247312b19a8a1941ddbca1b2ce5e1db"
 score = 75
@@ -68930,8 +69035,8 @@ rule ELASTIC_Windows_Trojan_Amadey_C4Df8D4A : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Amadey.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Amadey.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2"
 logic_hash = "7f96c4de585223033fb7e7906be6d6898651ecf30be51ed01abde18ef52c0e1e"
 score = 75
@@ -68959,8 +69064,8 @@ rule ELASTIC_Macos_Trojan_Genieo_5E0F8980 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Genieo.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Genieo.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6c698bac178892dfe03624905256a7d9abe468121163d7507cade48cf2131170"
 logic_hash = "76b725f6ae5755bb00d384ef2ae1511789487257d8bb7cb61b893226f03a803e"
 score = 75
@@ -68988,8 +69093,8 @@ rule ELASTIC_Macos_Trojan_Genieo_37878473 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Genieo.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Genieo.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0fadd926f8d763f7f15e64f857e77f44a492dcf5dc82ae965d3ddf80cd9c7a0d"
 logic_hash = "bb04ae4e0a98e0dbd0c0708d5e767306e38edf76de2671523f4bd43cbcbfefc2"
 score = 75
@@ -69017,8 +69122,8 @@ rule ELASTIC_Macos_Trojan_Genieo_0D003634 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Genieo.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Genieo.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "bcd391b58338efec4769e876bd510d0c4b156a7830bab56c3b56585974435d70"
 logic_hash = "0412f88408fb14d1126ef091d0a5cc0ee2b2e39aeb241bef55208b59830ca993"
 score = 75
@@ -69046,8 +69151,8 @@ rule ELASTIC_Macos_Trojan_Genieo_9E178C0B : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Genieo.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Genieo.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b7760e73195c3ea8566f3ff0427d85d6f35c6eec7ee9184f3aceab06da8845d8"
 logic_hash = "212f96ca964aceeb80c6d3282d488cfbb74aeffb9c0c9dd840a3a28f9bbdcbea"
 score = 75
@@ -69075,8 +69180,8 @@ rule ELASTIC_Windows_Vulndriver_Msio_Aa20A3C6 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_MsIo.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_MsIo.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2270a8144dabaf159c2888519b11b61e5e13acdaa997820c09798137bded3dd6"
 logic_hash = "3b383934dc91536f69e2c6cb2cf2054c5f8a08766ecf1d1804c57f3a2c39c1c2"
 score = 75
@@ -69104,8 +69209,8 @@ rule ELASTIC_Windows_Vulndriver_Msio_Ce0Bda23 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_MsIo.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_MsIo.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "43ba8d96d5e8e54cab59d82d495eeca730eeb16e4743ed134cdd495c51a4fc89"
 logic_hash = "f7fbe0255a006cce42aff61b294512c11e1cceaf11d5c1b6f75b96fb3b155895"
 score = 75
@@ -69133,8 +69238,8 @@ rule ELASTIC_Macos_Backdoor_Kagent_64Ca1865 : FILE MEMORY
 date = "2021-11-11"
 modified = "2022-07-22"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Backdoor_Kagent.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Backdoor_Kagent.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d599d7814adbab0f1442f5a10074e00f3a776ce183ea924abcd6154f0d068bb4"
 logic_hash = "dea0a1bbe8c3065b395de50b5ffc2fbdf479ed35ce284fa33298d6ed55e960c6"
 score = 75
@@ -69168,8 +69273,8 @@ rule ELASTIC_Linux_Trojan_Snowlight_F5C83D35 : FILE MEMORY
 date = "2024-05-16"
 modified = "2024-06-12"
 reference = "https://www.mandiant.com/resources/blog/initial-access-brokers-exploit-f5-screenconnect"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Snowlight.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Snowlight.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7d6652d8fa3748d7f58d7e15cefee5a48126d0209cf674818f55e9a68248be01"
 logic_hash = "fef8f44e897a0f453be2f84d28886d27e261f8256c53c0425c5265b138ce5f40"
 score = 75
@@ -69197,8 +69302,8 @@ rule ELASTIC_Linux_Hacktool_Bruteforce_Bad95Bd6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Bruteforce.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Bruteforce.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8e8be482357ebddc6ac3ea9ee60241d011063f7e558a59e6bd119e72e4862024"
 logic_hash = "8001e6503baeb52c66c9b30026544913270085406a1fe4c45d14629811d36d5f"
 score = 75
@@ -69226,8 +69331,8 @@ rule ELASTIC_Linux_Hacktool_Bruteforce_66A14C03 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Bruteforce.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Bruteforce.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a2d8e2c34ae95243477820583c0b00dfe3f475811d57ffb95a557a227f94cd55"
 logic_hash = "c8b2925c2e3f95e78f117ddd52e208d143d19ee75e9283f7f15d10e930eaac5f"
 score = 75
@@ -69255,8 +69360,8 @@ rule ELASTIC_Linux_Hacktool_Bruteforce_Eb83B6Aa : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Bruteforce.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Bruteforce.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8dec88576f61f37fbaece3c30e71d338c340c8fb9c231f9d7b1c32510d2c3167"
 logic_hash = "bc79860e414d07ee8000eea3d61827272d66faa90a8bf6c65fcda90a4bd762ef"
 score = 75
@@ -69284,8 +69389,8 @@ rule ELASTIC_Windows_Trojan_Darkcomet_1Df27Bcc : FILE MEMORY
 date = "2021-08-16"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Darkcomet.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Darkcomet.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7fbe87545eef49da0df850719536bb30b196f7ad2d5a34ee795c01381ffda569"
 logic_hash = "5886e3316839e64f934a0e84d85074e076f3e1e44f86fee35a87eb560bfa2aa7"
 score = 75
@@ -69317,8 +69422,8 @@ rule ELASTIC_Windows_Hacktool_Sharpstay_Eac706C5 : FILE MEMORY
 date = "2022-11-20"
 modified = "2023-01-11"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_SharpStay.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_SharpStay.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "498d201f65b57a007a79259ce7015eb7eb1bba660d44deafea716e36316a9caa"
 logic_hash = "b85679018658e33e81cd2589e9f99cf9ed16ac25b27d93bece26cb5ccc2e379a"
 score = 75
@@ -69350,8 +69455,8 @@ rule ELASTIC_Windows_Trojan_Asyncrat_11A11Ba1 : FILE MEMORY
 date = "2021-08-05"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Asyncrat.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Asyncrat.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "fe09cd1d13b87c5e970d3cbc1ebc02b1523c0a939f961fc02c1395707af1c6d1"
 logic_hash = "c6c4ce9ccf01c280be6c25c0c82c34b601626bc200b84d3e77b08be473335d3d"
 score = 75
@@ -69384,8 +69489,8 @@ rule ELASTIC_Linux_Exploit_Ramen_01B205Eb : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Ramen.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Ramen.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c0b6303300f38013840abe17abe192db6a99ace78c83bc7ef705f5c568bc98fd"
 logic_hash = "e477e93434db9e650f159995f2cb754394f3187dc341d2ea4c2466924e19a8a6"
 score = 75
@@ -69413,8 +69518,8 @@ rule ELASTIC_Windows_Ransomware_Thanos_C3522Fd0 : BETA FILE MEMORY
 date = "2020-11-03"
 modified = "2021-08-23"
 reference = "https://labs.sentinelone.com/thanos-ransomware-riplace-bootlocker-and-more-added-to-feature-set/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Thanos.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Thanos.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "00d28aafd242308ad6561547ed8c80dad3086859dacab09ffdd43d436bf9ec52"
 score = 75
 quality = 75
@@ -69444,8 +69549,8 @@ rule ELASTIC_Windows_Ransomware_Thanos_A6C09942 : BETA FILE MEMORY
 date = "2020-11-03"
 modified = "2021-08-23"
 reference = "https://labs.sentinelone.com/thanos-ransomware-riplace-bootlocker-and-more-added-to-feature-set/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Thanos.yar#L24-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Thanos.yar#L24-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "cecdeb21e041c90769b8fd8431fa87943461c1f7faa5ad15918524b91ba5c792"
 score = 75
 quality = 75
@@ -69474,8 +69579,8 @@ rule ELASTIC_Windows_Ransomware_Thanos_E19Feca1 : BETA FILE MEMORY
 date = "2020-11-03"
 modified = "2021-08-23"
 reference = "https://labs.sentinelone.com/thanos-ransomware-riplace-bootlocker-and-more-added-to-feature-set/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Thanos.yar#L46-L77"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Thanos.yar#L46-L77"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "1f5a69b6749e887a5576843abb83388d5364e47601cf11fcac594008ace8e973"
 score = 75
 quality = 75
@@ -69515,8 +69620,8 @@ rule ELASTIC_Linux_Ransomware_Babuk_Bd216Cab : FILE MEMORY
 date = "2024-05-09"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_Babuk.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_Babuk.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d305a30017baef4f08cee38a851b57869676e45c66e64bb7cc58d40bf0142fe0"
 logic_hash = "b0538be9d8deccc3f77640da28e5fd38a07557e9e5e3c09b11349d7eb50a56b5"
 score = 75
@@ -69545,8 +69650,8 @@ rule ELASTIC_Linux_Ransomware_Royalpest_502A3Db6 : FILE MEMORY
 date = "2023-07-27"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_RoyalPest.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_RoyalPest.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "09a79e5e20fa4f5aae610c8ce3fe954029a91972b56c6576035ff7e0ec4c1d14"
 logic_hash = "aefb5a286636b827b50e4bc0ea978a75ba6a9e572504bfbc0a7700372c54a077"
 score = 75
@@ -69577,8 +69682,8 @@ rule ELASTIC_Windows_Vulndriver_Cpuz_A53D1446 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Cpuz.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Cpuz.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8c95d28270a4a314299cf50f05dcbe63033b2a555195d2ad2f678e09e00393e6"
 logic_hash = "37da20f5fe1377fe85594055dc811424f52e53a9d77060c6784c2e4d1279e26f"
 score = 75
@@ -69608,8 +69713,8 @@ rule ELASTIC_Windows_Hacktool_Seatbelt_674Fd535 : FILE MEMORY
 date = "2022-10-20"
 modified = "2022-11-24"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_Seatbelt.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_Seatbelt.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a0e467aacd383727d46e766f1c45b424a6d46248118c155c22c538e8773b3ae7"
 logic_hash = "1bff820ec5cc9e56e7be4b290a48628115cc1ace5e41278fa76898bf39ef893e"
 score = 75
@@ -69644,8 +69749,8 @@ rule ELASTIC_Windows_Trojan_Wineloader_13E8860A : FILE MEMORY
 date = "2024-03-24"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_WineLoader.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_WineLoader.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f5cb3234eff0dbbd653d5cdce1d4b1026fa9574ebeaf16aaae3d4e921b6a7f9d"
 logic_hash = "c072abb73377ed59c0dd9fab25a4c84575ab9badbddfda1ed51e576e4e12fa82"
 score = 75
@@ -69675,8 +69780,8 @@ rule ELASTIC_Linux_Ransomware_Hive_Bdc7De59 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_Hive.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_Hive.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "713b699c04f21000fca981e698e1046d4595f423bd5741d712fd7e0bc358c771"
 logic_hash = "33908128258843d63c5dfe5acf15cfd68463f5cbdf08b88ef1bba394058a5a92"
 score = 75
@@ -69704,8 +69809,8 @@ rule ELASTIC_Linux_Ransomware_Sodinokibi_2883D7Cd : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_Sodinokibi.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_Sodinokibi.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a322b230a3451fd11dcfe72af4da1df07183d6aaf1ab9e062f0e6b14cf6d23cd"
 logic_hash = "97d6b1b641c4b5b596b67a809e8e70bb0bccb9219282cd6c41bc905e2ea44c84"
 score = 75
@@ -69733,8 +69838,8 @@ rule ELASTIC_Windows_Trojan_Remcos_B296E965 : FILE MEMORY
 date = "2021-06-10"
 modified = "2021-08-23"
 reference = "https://www.elastic.co/security-labs/exploring-the-ref2731-intrusion-set"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Remcos.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Remcos.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed"
 logic_hash = "069072abd1182eee50cb9937503d47845e7315d8e3cd6b63576adc8f21820c82"
 score = 75
@@ -69765,8 +69870,8 @@ rule ELASTIC_Windows_Trojan_Remcos_7591E9F1 : FILE MEMORY
 date = "2023-06-23"
 modified = "2023-07-10"
 reference = "https://www.elastic.co/security-labs/exploring-the-ref2731-intrusion-set"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Remcos.yar#L25-L49"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Remcos.yar#L25-L49"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4e6e5ecd1cf9c88d536c894d74320c77967fe08c75066098082bf237283842fa"
 logic_hash = "96acf1ba7740a8d34d929ed4a4fa446c984c3a8f64a603d428e782b6997e4d20"
 score = 75
@@ -69799,8 +69904,8 @@ rule ELASTIC_Windows_Exploit_Fakepipe_6Bc93551 : FILE MEMORY
 date = "2024-02-28"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Exploit_FakePipe.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Exploit_FakePipe.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "545a41ccfcd0a4f09c1c62bef2dde61b52fa92abada71ab72b3f4febb9265f75"
 logic_hash = "daf78c4a2db337f51054e108b5b54c8aa32300eae3bd39c5fc2d4769221c8aea"
 score = 75
@@ -69831,8 +69936,8 @@ rule ELASTIC_Windows_Hacktool_Sharpchromium_41Ce5080 : FILE MEMORY
 date = "2022-11-20"
 modified = "2023-01-11"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_SharpChromium.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_SharpChromium.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9dd65aa53728d51f0f3b9aaf51a24f8a2c3f84b4a4024245575975cf9ad7f2e5"
 logic_hash = "50972a6e6af1d7076243320fb6559193e0c46ac1300aa62d12390fdeb2fffdcd"
 score = 75
@@ -69864,8 +69969,8 @@ rule ELASTIC_Windows_Cryptominer_Generic_Dd1E4D1A : FILE
 date = "2021-01-12"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Cryptominer_Generic.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Cryptominer_Generic.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7ac1d7b6107307fb2442522604c8fa56010d931392d606ac74dcea6b7125954b"
 logic_hash = "b7289c4688ec67d59e67755461f1f4e0c3f47ef9f8c73fc1dcc1d168baf11623"
 score = 75
@@ -69893,8 +69998,8 @@ rule ELASTIC_Windows_Cryptominer_Generic_F53Cfb9B : FILE MEMORY
 date = "2024-03-05"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Cryptominer_Generic.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Cryptominer_Generic.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a9870a03ddc6543a5a12d50f95934ff49f26b60921096b2c8f2193cb411ed408"
 logic_hash = "b2453862747e251afc34c57e887889b8d3a65a9cc876d4a95ff5ecfcc24e4bd3"
 score = 75
@@ -69922,8 +70027,8 @@ rule ELASTIC_Windows_Trojan_Bitrat_34Bd6C83 : FILE MEMORY
 date = "2021-06-13"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Bitrat.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Bitrat.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "37f70ae0e4e671c739d402c00f708761e98b155a1eefbedff1236637c4b7690a"
 logic_hash = "d386fc2a4b6a98638328d1aa05a8d8dbb7a1bbcd72943457b1a5a27b056744ef"
 score = 75
@@ -69955,8 +70060,8 @@ rule ELASTIC_Windows_Trojan_Bitrat_54916275 : FILE MEMORY
 date = "2022-08-29"
 modified = "2022-09-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Bitrat.yar#L25-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Bitrat.yar#L25-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d3b2c410b431c006c59f14b33e95c0e44e6221b1118340c745911712296f659f"
 logic_hash = "4c66f79f4bf6bde49bfb9208e6dc1d3b5d041927565e7302381838b0f32da6f4"
 score = 75
@@ -69984,8 +70089,8 @@ rule ELASTIC_Windows_Vulndriver_Fiddrv_E7875A5A : FILE
 date = "2023-07-25"
 modified = "2023-07-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Vulndriver_FidDrv.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Vulndriver_FidDrv.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4bf4cced4209c73aa37a9e2bf9ff27d458d8d7201eefa6f6ad4849ee276ad158"
 logic_hash = "aa1635c651c8364ad2ee93b369dd583fce699001d753e46de013c476d185eef1"
 score = 75
@@ -70017,8 +70122,8 @@ rule ELASTIC_Windows_Ransomware_Hive_55619Cd0 : FILE MEMORY
 date = "2021-08-26"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Hive.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Hive.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "50ad0e6e9dc72d10579c20bb436f09eeaa7bfdbcb5747a2590af667823e85609"
 logic_hash = "51e2b03a9f9b92819bbf05ecbb33a23662a40e7d51f9812aa8243c4506057f1f"
 score = 75
@@ -70048,8 +70153,8 @@ rule ELASTIC_Windows_Ransomware_Hive_3Ed67Fe6 : FILE MEMORY
 date = "2021-08-26"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Hive.yar#L23-L45"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Hive.yar#L23-L45"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "50ad0e6e9dc72d10579c20bb436f09eeaa7bfdbcb5747a2590af667823e85609"
 logic_hash = "a599f0d528bdbec00afa7e9a5cddec5e799ee755a7f30af70dde7d2459b70155"
 score = 75
@@ -70081,8 +70186,8 @@ rule ELASTIC_Windows_Ransomware_Hive_B97Ec33B : FILE MEMORY
 date = "2021-08-26"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Hive.yar#L47-L65"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Hive.yar#L47-L65"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "50ad0e6e9dc72d10579c20bb436f09eeaa7bfdbcb5747a2590af667823e85609"
 logic_hash = "10034d9f53fd5099a423269e0c42c01eac18318f5d11599e1390912c8fd7af25"
 score = 75
@@ -70110,8 +70215,8 @@ rule ELASTIC_Linux_Exploit_CVE_2012_0056_06B2Dff5 : FILE MEMORY CVE_2012_0056
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "168b3fb1c675ab76224c641e228434495160502a738b64172c679e8ce791ac17"
 logic_hash = "4361e6e74d6678d9e0823b23a7a2e4ae84119142cad319950154f806115845d5"
 score = 75
@@ -70139,8 +70244,8 @@ rule ELASTIC_Linux_Exploit_CVE_2012_0056_B39839F4 : FILE MEMORY CVE_2012_0056
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "cf569647759e011ff31d8626cea65ed506e8d0ef1d26f3bbb7c02a4060ce58dc"
 logic_hash = "553111c64d8abfc3688a88dd95088de0ea7e92f68592e9a778f8041b40071e84"
 score = 75
@@ -70168,8 +70273,8 @@ rule ELASTIC_Linux_Exploit_CVE_2012_0056_A1E53450 : FILE MEMORY CVE_2012_0056
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2012_0056.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "15a4d149e935758199f6df946ff889e12097f5fec4ef450e9cbd554d1efbd5e6"
 logic_hash = "f2ab5de83c36a9a834e41c8f6fdccd0dffdeb384adf7b1e1098e86a2ac52df18"
 score = 75
@@ -70197,8 +70302,8 @@ rule ELASTIC_Macos_Virus_Vsearch_0Dd3Ec6F : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Virus_Vsearch.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Virus_Vsearch.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "17a467b000117ea6c39fbd40b502ac9c7d59a97408c2cdfb09c65b2bb09924e5"
 score = 75
 quality = 75
@@ -70225,8 +70330,8 @@ rule ELASTIC_Macos_Virus_Vsearch_2A0419F8 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Virus_Vsearch.yar#L20-L37"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Virus_Vsearch.yar#L20-L37"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "fa9b811465e435bff5bc0f149ff65f57932c94f548a5ece4ec54ba775cdbb55a"
 score = 75
 quality = 75
@@ -70253,8 +70358,8 @@ rule ELASTIC_Linux_Trojan_Springtail_35D5B90B : FILE MEMORY
 date = "2024-05-18"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Springtail.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Springtail.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "30584f13c0a9d0c86562c803de350432d5a0607a06b24481ad4d92cdf7288213"
 logic_hash = "7158e60aedfde884d9ee01457abfe6d9b6b1df9cdc1c415231d98429866eaa6c"
 score = 75
@@ -70287,8 +70392,8 @@ rule ELASTIC_Linux_Backdoor_Bash_E427876D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Backdoor_Bash.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Backdoor_Bash.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "07db41a4ddaac802b04df5e5bbae0881fead30cb8f6fa53a8a2e1edf14f2d36b"
 logic_hash = "fdd066b746416730419787d21eb53fa2ba997679a237d9db3a2e1365d43df892"
 score = 75
@@ -70316,8 +70421,8 @@ rule ELASTIC_Linux_Shellcode_Generic_5669055F : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Shellcode_Generic.yar#L1-L19"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Shellcode_Generic.yar#L1-L19"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "87ef4def16d956cdfecaea899cbb55ff59a6739bbb438bf44a8b5fec7fcfd85b"
 logic_hash = "735b8dc7fff3c9cc96646a4eb7c5afd70be19dcc821e9e26ce906681130746be"
 score = 75
@@ -70345,8 +70450,8 @@ rule ELASTIC_Linux_Shellcode_Generic_D2C96B1D : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Shellcode_Generic.yar#L21-L39"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Shellcode_Generic.yar#L21-L39"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "403d53a65bd77856f7c565307af5003b07413f2aba50869655cdd88ce15b0c82"
 logic_hash = "33d964e22c8e3046f114e8264d18e8b4a0e7b55eca59151b084db7eea07aa0b1"
 score = 75
@@ -70374,8 +70479,8 @@ rule ELASTIC_Linux_Shellcode_Generic_30C70926 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Shellcode_Generic.yar#L41-L59"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Shellcode_Generic.yar#L41-L59"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a742e23f26726293b1bff3db72864471d6bb4062db1cc6e1c4241f51ec0e21b1"
 logic_hash = "3594994a911e5428198c472a51de189a6be74895170581ec577c49f8dbb9167a"
 score = 75
@@ -70403,8 +70508,8 @@ rule ELASTIC_Linux_Shellcode_Generic_224Bdcc4 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Shellcode_Generic.yar#L61-L79"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Shellcode_Generic.yar#L61-L79"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "bd22648babbee04555cef52bfe3e0285d33852e85d254b8ebc847e4e841b447e"
 logic_hash = "8c4a2bb63f0926e7373caf0a027179b4730cc589f9af66d2071e88f4165b0f73"
 score = 75
@@ -70432,8 +70537,8 @@ rule ELASTIC_Linux_Shellcode_Generic_99B991Cd : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Shellcode_Generic.yar#L81-L99"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Shellcode_Generic.yar#L81-L99"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "954b5a073ce99075b60beec72936975e48787bea936b4c5f13e254496a20d81d"
 logic_hash = "664e213314fe1d6f1920de237ebea3a94f7fbc42eff089475674ccef812f0f68"
 score = 75
@@ -70461,8 +70566,8 @@ rule ELASTIC_Linux_Shellcode_Generic_24B9Aa12 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Shellcode_Generic.yar#L101-L119"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Shellcode_Generic.yar#L101-L119"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "24b2c1ccbbbe135d40597fbd23f7951d93260d0039e0281919de60fa74eb5977"
 logic_hash = "4685253eb00a21d6dd6e874ff68209f20c8668262f24767086687555ccf934aa"
 score = 75
@@ -70490,8 +70595,8 @@ rule ELASTIC_Linux_Shellcode_Generic_8Ac37612 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Shellcode_Generic.yar#L121-L139"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Shellcode_Generic.yar#L121-L139"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c199b902fa4b0fcf54dc6bf3e25ad16c12f862b47e055863a5e9e1f98c6bd6ca"
 logic_hash = "c0af751bc54dcd9cf834fa5fe9fa120be5e49a56135ebb72fd6073948e956929"
 score = 75
@@ -70519,8 +70624,8 @@ rule ELASTIC_Linux_Shellcode_Generic_932Ed0F0 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Shellcode_Generic.yar#L141-L159"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Shellcode_Generic.yar#L141-L159"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f357597f718f86258e7a640250f2e9cf1c3363ab5af8ddbbabb10ebfa3c91251"
 logic_hash = "20ae3f1d96f8afd0900ac919eacaff3bd748a7466af5bb2b9f77cfdc4b8b829e"
 score = 75
@@ -70548,8 +70653,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_69E20012 : FILE MEMORY
 date = "2024-05-03"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Metasploit.yar#L1-L24"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Metasploit.yar#L1-L24"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "debb5d12c1b876f47a0057aad19b897c21f17de7b02c0e42f4cce478970f0120"
 logic_hash = "5d3c3e3ba7d5d0c20d2fa1a53032da9a93a6727dcd6cb3497bb7bfb8272e4f2b"
 score = 75
@@ -70582,8 +70687,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_0C629849 : FILE MEMORY
 date = "2024-05-03"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Metasploit.yar#L26-L48"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Metasploit.yar#L26-L48"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ad070542729f3c80d6a981b351095ab8ac836b89a5c788dff367760a2d8b1dbb"
 logic_hash = "2bea8f569728ba81af4024bf062a06a5c91b1f057a0b62fe6d51b6fcadedf58c"
 score = 75
@@ -70615,8 +70720,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_849Cc5D5 : FILE MEMORY
 date = "2024-05-03"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Metasploit.yar#L50-L71"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Metasploit.yar#L50-L71"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "42d734dbd33295bd68e5a545a29303a2104a5a92e5fee31d645e2a6410cc03e9"
 logic_hash = "01c708b1e000aecf473e0a1cf23f3812a337b9b21f5b81f7a5e481d06fdaeb16"
 score = 75
@@ -70647,8 +70752,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_Da378432 : FILE MEMORY
 date = "2024-05-03"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Metasploit.yar#L73-L93"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Metasploit.yar#L73-L93"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "277499da700e0dbe27269c7cfb1fc385313c4483912a9a3f0c15adba33ecd0bf"
 logic_hash = "cd9df6dff23986d61176e4d3440516b0590abdeebef0e456d1f4924724556fe9"
 score = 75
@@ -70678,8 +70783,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_B957E45D : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Metasploit.yar#L95-L115"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Metasploit.yar#L95-L115"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "78af84bad4934283024f4bf72dfbf9cc081d2b92a9de32cc36e1289131c783ab"
 logic_hash = "27281303d007e6723308e88f335f52723b3ff0ef733d1a0712f5ba268e53a073"
 score = 75
@@ -70709,8 +70814,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_1A98F2E2 : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Metasploit.yar#L117-L137"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Metasploit.yar#L117-L137"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "89be4507c9c24c4ec9a7282f197a9a6819e696d2832df81f7e544095d048fc22"
 logic_hash = "23ea1c255472a67746b470e50d982bc91d22ede5e2582cf5cfaa90a1ed4e8805"
 score = 75
@@ -70740,8 +70845,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_D74153F6 : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Metasploit.yar#L139-L159"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Metasploit.yar#L139-L159"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2823d27492e2e7a95b67a08cb269eb6f4175451d58b098ae429330913397d40a"
 logic_hash = "c60e7e63183f5bf0354a03f8399576e494e44a30257339ebccb6c19e954d6f3a"
 score = 75
@@ -70771,8 +70876,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_F7A31E87 : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Metasploit.yar#L161-L182"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Metasploit.yar#L161-L182"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "82b55d8c0f0175d02399aaf88ad9e92e2e37ef27d52c7f71271f3516ba884847"
 logic_hash = "49583ba4f2bedb9337a8c10df4246bb76a3e60b08ba1a6b8684537fee985d911"
 score = 75
@@ -70803,8 +70908,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_B0D2D4A4 : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Metasploit.yar#L184-L205"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Metasploit.yar#L184-L205"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a37c888875e84069763303476f0df6769df6015b33aded59fc1e23eb604f2163"
 logic_hash = "bcabf74900222074ecf9051b6e0cb4ca7a240acd047a1b27137d1d198e23f161"
 score = 75
@@ -70835,8 +70940,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_5D26689F : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Metasploit.yar#L207-L229"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Metasploit.yar#L207-L229"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "dafefb4d79d848384442a697b1316d93fef2741fca854be744896ce1d7f82073"
 logic_hash = "e7906273aa7f42920be9d06cdae89c81e0a99e532cdcd7bd714acc5f2bbb0ed5"
 score = 75
@@ -70868,8 +70973,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_1C8C98Ae : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Metasploit.yar#L231-L251"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Metasploit.yar#L231-L251"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1a2c40531584ed485f3ff532f4269241a76ff171956d03e4f0d3f9c950f186d4"
 logic_hash = "fc32aa29f58478f0b7f4f5be61aadec65842c05b7d8ded840530503eae28b8eb"
 score = 75
@@ -70899,8 +71004,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_47F4B334 : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Metasploit.yar#L253-L277"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Metasploit.yar#L253-L277"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c3821f63a7ec8861a6168b4bb494bf8cbac436b3abf5eaffbc6907fd68ebedb8"
 logic_hash = "34c8182d3b5ecbebd122d2d58fc0502a6bbca020b528ffdcc9ee988f21512d99"
 score = 75
@@ -70934,8 +71039,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_0B014E0E : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Metasploit.yar#L279-L303"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Metasploit.yar#L279-L303"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a24443331508cc72b3391353f91cd009cafcc223ac5939eab12faf57447e3162"
 logic_hash = "cb19a0461d5fe6066d1fed4898ea12a9818be69d870e511559b19d5c7c959819"
 score = 75
@@ -70969,8 +71074,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_Ccc99Be1 : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Metasploit.yar#L305-L327"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Metasploit.yar#L305-L327"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0e9f52d7aa6bff33bfbdba6513d402db3913d4036a5e1c1c83f4ccd5cc8107c8"
 logic_hash = "96af2123251587ece32e424202ff61cfa70faf2916cacddf5fcd9d81bf483032"
 score = 75
@@ -71002,8 +71107,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_Ed4B2C85 : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Metasploit.yar#L329-L348"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Metasploit.yar#L329-L348"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0709a60149ca110f6e016a257f9ac35c6f64f50cfbd71075c4ca8bfe843c3211"
 logic_hash = "79e466b2f40a6769db498cc28cb22ba72ec20f92c8450d6f1f8301d00012f967"
 score = 75
@@ -71032,8 +71137,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_2B0Ad6F0 : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Metasploit.yar#L350-L371"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Metasploit.yar#L350-L371"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "aa2bce61511c72ac03562b5178aad57bce8b46916160689ed07693790cbfbeec"
 logic_hash = "91b4547e44c40cafe09dd415f0b5dfe5980fcb10d50aeae844cf21e7608d9a9d"
 score = 75
@@ -71064,8 +71169,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_Bf205D5A : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Metasploit.yar#L373-L397"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Metasploit.yar#L373-L397"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2162a89f70edd7a7f93f8972c6a13782fb466cdada41f255f0511730ec20d037"
 logic_hash = "9f4c84fadc3d7555c80efc9c9c5dcb01d4ea65d2ff191aa63ae8316f763ded3f"
 score = 75
@@ -71099,8 +71204,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_E5B61173 : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Metasploit.yar#L399-L420"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Metasploit.yar#L399-L420"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8032a7a320102c8e038db16d51b8615ee49f04dab1444326463f75ce0c5947a5"
 logic_hash = "f60d2de0b7fac06b62616d7c7f51e9374df3895eb30a07040e742cbcb462a418"
 score = 75
@@ -71131,8 +71236,8 @@ rule ELASTIC_Linux_Trojan_Metasploit_Dd5Fd075 : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-21"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Metasploit.yar#L422-L443"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Metasploit.yar#L422-L443"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b47132a92b66c32c88f39fe36d0287c6b864043273939116225235d4c5b4043a"
 logic_hash = "f5101d5ddb1a84127e755677da70d9154849c546ac6ef0e7ef2639c82911eb92"
 score = 75
@@ -71163,8 +71268,8 @@ rule ELASTIC_Linux_Exploit_Perl_4A4B8A42 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Perl.yar#L1-L19"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Perl.yar#L1-L19"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d1fa8520d3c3811d29c3d5702e7e0e7296b3faef0553835c495223a2bc015214"
 logic_hash = "c1f7b1c20fe6db6acbe46be38cc97a40de6ca047a4e4490e86610dbff356b395"
 score = 75
@@ -71192,8 +71297,8 @@ rule ELASTIC_Linux_Exploit_Perl_982Bb709 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Perl.yar#L21-L39"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Perl.yar#L21-L39"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f3e4e2b5af9d0c72aae83cec57e5c091a95c549f826e8f13559aaf7d300f6e13"
 logic_hash = "b38e6cb15034c38c31f6b267b9ecaabe8dfa950a2fc8863cfff7705182cffb3a"
 score = 75
@@ -71221,8 +71326,8 @@ rule ELASTIC_Windows_Ransomware_Snake_550E0265 : BETA FILE MEMORY
 date = "2020-06-30"
 modified = "2021-08-23"
 reference = "https://labs.sentinelone.com/new-snake-ransomware-adds-itself-to-the-increasing-collection-of-golang-crimeware/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Snake.yar#L1-L24"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Snake.yar#L1-L24"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "d9c2f6961a4ef560743060ed176bdc606561ca1b8270b8826cb0dbadaf4e5dbc"
 score = 75
 quality = 75
@@ -71254,8 +71359,8 @@ rule ELASTIC_Windows_Ransomware_Snake_119F9C83 : BETA FILE MEMORY
 date = "2020-06-30"
 modified = "2021-08-23"
 reference = "https://labs.sentinelone.com/new-snake-ransomware-adds-itself-to-the-increasing-collection-of-golang-crimeware/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Snake.yar#L26-L46"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Snake.yar#L26-L46"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "cf6c81e7332acc798409a05a548460bad0ac3621402672c242e48a1b6bccdae6"
 score = 75
 quality = 75
@@ -71284,8 +71389,8 @@ rule ELASTIC_Windows_Ransomware_Snake_20Bc5Abc : BETA FILE MEMORY
 date = "2020-06-30"
 modified = "2021-08-23"
 reference = "https://labs.sentinelone.com/new-snake-ransomware-adds-itself-to-the-increasing-collection-of-golang-crimeware/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Snake.yar#L48-L67"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Snake.yar#L48-L67"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "f3d8a523e04e516e8e059c9f13df355e6caf29a528cfebdf730e3a7d135e3351"
 score = 75
 quality = 75
@@ -71313,8 +71418,8 @@ rule ELASTIC_Linux_Cryptominer_Uwamson_C42Fd06D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Uwamson.yar#L1-L19"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Uwamson.yar#L1-L19"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8cfc38db2b860efcce5da40ce1e3992f467ab0b7491639d68d530b79529cda80"
 logic_hash = "4ff7aad11adaae8fccb23d36fc96937ba48a5517895a742f2864ba1973f3db3a"
 score = 75
@@ -71342,8 +71447,8 @@ rule ELASTIC_Linux_Cryptominer_Uwamson_D08B1D2E : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Uwamson.yar#L21-L39"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Uwamson.yar#L21-L39"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4f7ad24b53b8e255710e4080d55f797564aa8c270bf100129bdbe52a29906b78"
 logic_hash = "8f489bb020397beae91f7bce82bc1b47912deab1b79224158f79c53f1d7c7fd3"
 score = 75
@@ -71371,8 +71476,8 @@ rule ELASTIC_Linux_Cryptominer_Uwamson_0797De34 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Uwamson.yar#L41-L59"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Uwamson.yar#L41-L59"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e4699e35ce8091f97decbeebff63d7fa8c868172a79f9d9d52b6778c3faab8f2"
 logic_hash = "7ab5dd99d8bbef61ec764900df5bebf39ed90833a8f9481c427cbb46faf2c521"
 score = 75
@@ -71400,8 +71505,8 @@ rule ELASTIC_Linux_Cryptominer_Uwamson_41E36585 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
-source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Uwamson.yar#L61-L79"
-license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Uwamson.yar#L61-L79"
+license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8cfc38db2b860efcce5da40ce1e3992f467ab0b7491639d68d530b79529cda80"
 logic_hash = "e176523afe8c3394ddda41a5ef11f825fed1e149476709a7c1ea26b8af72d4fc"
 score = 75
@@ -71429,8 +71534,8 @@ rule ELASTIC_Linux_Hacktool_Cleanlog_C2907D77 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Cleanlog.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Cleanlog.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "613ac236130ab1654f051d6f0661fa62414f3bef036ea4cc585b4b21a4bb9d2b"
 logic_hash = "39b72973bbcddf14604b8ea08339657cba317c23fd4d69d4aa0903b262397988"
 score = 75
@@ -71458,8 +71563,8 @@ rule ELASTIC_Linux_Hacktool_Cleanlog_3Eb725D1 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Cleanlog.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Cleanlog.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4df4ebcc61ab2cdb8e5112eeb4e2f29e4e841048de43d7426b1ec11afe175bf6"
 logic_hash = "a9530aca53d935f3e77a5f0fc332db16e3a2832be67c067e5a6d18e7ec00e39f"
 score = 75
@@ -71487,8 +71592,8 @@ rule ELASTIC_Linux_Hacktool_Cleanlog_400B7595 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Cleanlog.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Cleanlog.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4df4ebcc61ab2cdb8e5112eeb4e2f29e4e841048de43d7426b1ec11afe175bf6"
 logic_hash = "e36acf708875efda88143124e11fef5b0e2f99d17b0c49344db969cf0d454db1"
 score = 75
@@ -71516,8 +71621,8 @@ rule ELASTIC_Linux_Trojan_Sfloost_69A5343A : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Sfloost.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Sfloost.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c0cd73db5165671c7bbd9493c34d693d25b845a9a21706081e1bf44bf0312ef9"
 logic_hash = "bd3cd33d02c7ca1d3a0364e5e3e2f968f32da8f087f744232f3cb786da6c7875"
 score = 75
@@ -71545,8 +71650,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_1916686D : FILE MEMORY
 date = "2022-06-23"
 modified = "2022-12-01"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_BruteRatel.yar#L1-L31"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_BruteRatel.yar#L1-L31"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "e0e7b8ba2865fc76845b21aa3e075ceab98888635a60bd722c0c81e0f4fcf58c"
 score = 75
 quality = 75
@@ -71586,8 +71691,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_9B267F96 : FILE MEMORY
 date = "2022-06-23"
 modified = "2022-07-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_BruteRatel.yar#L33-L57"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_BruteRatel.yar#L33-L57"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "fbaaf4bf2462119b39a5df90b91fb831be3e602b926cd893374a5dddf48f029d"
 score = 75
 quality = 75
@@ -71621,8 +71726,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_684A39F2 : FILE MEMORY
 date = "2023-01-24"
 modified = "2023-02-01"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_BruteRatel.yar#L59-L84"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_BruteRatel.yar#L59-L84"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5f4782a34368bb661f413f33e2d1fb9f237b7f9637f2c0c21dc752316b02350c"
 logic_hash = "7cb74176e1dbdd248295649568d29c9d88841fcd0c16479b6b7efc71c4a1d706"
 score = 75
@@ -71657,8 +71762,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_Ade6C9D5 : FILE MEMORY
 date = "2023-01-24"
 modified = "2023-02-01"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_BruteRatel.yar#L86-L109"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_BruteRatel.yar#L86-L109"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "dc9757c9aa3aff76d86f9f23a3d20a817e48ca3d7294307cc67477177af5c0d4"
 logic_hash = "8ff8ed1e2b909606fe6aae3f43ad02898d7b3906c3d329a508f6d40490ec75a0"
 score = 60
@@ -71691,8 +71796,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_4110D879 : FILE MEMORY
 date = "2023-05-10"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_BruteRatel.yar#L111-L130"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_BruteRatel.yar#L111-L130"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e0fbbc548fdb9da83a72ddc1040463e37ab6b8b544bf0d2b206bfff352175afe"
 logic_hash = "22c27523ddd8183c41da40f7ff908ae5bdee3b482c8a3f70aaa63a4c419e515b"
 score = 75
@@ -71721,8 +71826,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_5B12Cbab : FILE MEMORY
 date = "2024-02-21"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_BruteRatel.yar#L132-L150"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_BruteRatel.yar#L132-L150"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8165798fec8294523f25aedfc6699faad0c5d75f60bc7cefcbb2fa13dbc656e3"
 logic_hash = "b86296dafaef1dfa0a41704cafa351694abb0e453e104dfe06836ed599338f38"
 score = 75
@@ -71750,8 +71855,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_5E383Ae0 : FILE MEMORY
 date = "2024-03-27"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_BruteRatel.yar#L152-L184"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_BruteRatel.yar#L152-L184"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0b506ef32f58ee2b1e5701ca8e13c67584739ab1d00ee4a0c2f532c09a15836f"
 logic_hash = "5d87ada1c609e23742c389f8153a9266c4db95be4a5e10b50979aebc993a45e0"
 score = 75
@@ -71793,8 +71898,8 @@ rule ELASTIC_Windows_Trojan_Bruteratel_644Ac114 : FILE MEMORY
 date = "2024-04-17"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_BruteRatel.yar#L186-L205"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_BruteRatel.yar#L186-L205"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ace6a99d95ef859d4ab74db6900753e754273a12a34721f1aa8f1a9df3d8ec35"
 logic_hash = "06ffea16a0348f2276f379db150b5f9d2dbdffbcb2eee83c55c27c837ecb1e69"
 score = 75
@@ -71814,6 +71919,38 @@ rule ELASTIC_Windows_Trojan_Bruteratel_644Ac114 : FILE MEMORY
 condition:
 all of them
 }
+rule ELASTIC_Windows_Hacktool_EDRWFP_F6D7Db7A : FILE
+{
+ meta:
+ description = "Detects Windows Hacktool Edrwfp (Windows.Hacktool.EDRWFP)"
+ author = "Elastic Security"
+ id = "f6d7db7a-c55e-41dc-859b-6431464e72f4"
+ date = "2024-06-10"
+ modified = "2024-07-02"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_EDRWFP.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
+ hash = "a1fc2f3ded852f75e36e70ae39087e21ae5b6af10e2038d04e61bd500ba511e2"
+ logic_hash = "45d427e4f52346b4a18c154bb0afb636c18951fd9c7323846bf2eb7e47928ef6"
+ score = 75
+ quality = 75
+ tags = "FILE"
+ fingerprint = "11e4224f53ddb5ef18aef5efeaa7ec6ec00072e57db5189e29a04feae6b3da31"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $s1 = "elastic-endpoint.exe"
+ $s2 = "elastic-agent.exe"
+ $s3 = "MsMpEng.exe"
+ $s4 = "FwpmFilterAdd0"
+
+ condition:
+ all of them
+}
 rule ELASTIC_Linux_Trojan_Setag_351Eeb76 : FILE MEMORY
 {
 meta:
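Review bot: The four `$s` strings in the new ELASTIC_Windows_Hacktool_EDRWFP_F6D7Db7A rule carry no `wide` modifier, so they match only the ASCII encoding of those names; combined with `condition: all of them`, a sample that stores any one of the process names as UTF-16 (common for string literals in Windows binaries) would go undetected. If that coverage gap matters here, `$s1 = "elastic-endpoint.exe" ascii wide` (and likewise for `$s2`–`$s3`) would cover both encodings, while `$s4 = "FwpmFilterAdd0"` is an import name and can stay ASCII-only. This file is a vendored YARAForge bundle, so the change belongs upstream in elastic/protections-artifacts rather than in this repository, where it would be overwritten by the next sync. Note also that the added `}` is followed directly by ` rule ELASTIC_Linux_Trojan_Setag_351Eeb76` with no blank line, which the generator presumably emits consistently but differs from the surrounding rules.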
@@ -71823,8 +71960,8 @@ rule ELASTIC_Linux_Trojan_Setag_351Eeb76 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Setag.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Setag.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "3519d9e4bfa18c19b49d0fa15ef78151bd13db9614406c4569720d20830f3cbb"
 score = 75
 quality = 75
@@ -71851,8 +71988,8 @@ rule ELASTIC_Linux_Trojan_Setag_01E2F79B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Setag.yar#L20-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Setag.yar#L20-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5b5e8486174026491341a750f6367959999bbacd3689215f59a62dbb13a45fcc"
 logic_hash = "1e0336760f364acbbe0e8aec10bc7bfb48ed7e33cde56d8914617664cb93fd9b"
 score = 75
@@ -71880,8 +72017,8 @@ rule ELASTIC_Windows_Ransomware_Crytox_29859242 : FILE MEMORY
 date = "2024-01-18"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Crytox.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Crytox.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "55a27cb6280f31c077987d338151b13e9dc0cc1c14d47a32e64de6d6c1a6a742"
 logic_hash = "47ca96e14b2b56bc6ef1ed22b42adac7aa557170632c2dc085fae3baf6198f40"
 score = 75
@@ -71909,8 +72046,8 @@ rule ELASTIC_Windows_Trojan_Whispergate_9192618B : FILE MEMORY
 date = "2022-01-17"
 modified = "2022-01-17"
 reference = "https://www.elastic.co/security-labs/operation-bleeding-bear"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_WhisperGate.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_WhisperGate.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "dcbbae5a1c61dbbbb7dcd6dc5dd1eb1169f5329958d38b58c3fd9384081c9b78"
 logic_hash = "28bb08d61d99d2bfc49ba18cdbabc34c31a715ae6439ab25bbce8cc6958ed381"
 score = 75
@@ -71942,8 +72079,8 @@ rule ELASTIC_Linux_Trojan_Zpevdo_7F563544 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Zpevdo.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Zpevdo.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "9cbbb5a9166184cef630d1aba8fec721f676b868d22b1f96ffc1430e98ae974c"
 score = 75
 quality = 75
@@ -71970,8 +72107,8 @@ rule ELASTIC_Linux_Trojan_Dofloo_Be1973Ed : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Dofloo.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Dofloo.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "88d826bac06c29e1b9024baaf90783e15d87d2a5c8c97426cbd5a70ae0f99461"
 logic_hash = "65f9daabf44006fe4405032bf93570185248bc62cd287650c68f854b23aa2158"
 score = 75
@@ -71999,8 +72136,8 @@ rule ELASTIC_Linux_Trojan_Dofloo_1D057993 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Dofloo.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Dofloo.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "88d826bac06c29e1b9024baaf90783e15d87d2a5c8c97426cbd5a70ae0f99461"
 logic_hash = "c5e15e21946816052d5a8dc293db3830f1d6d06cdbf22eb8667b655206dbbc1f"
 score = 75
@@ -72028,8 +72165,8 @@ rule ELASTIC_Linux_Trojan_Dofloo_29C12775 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Dofloo.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Dofloo.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "88d826bac06c29e1b9024baaf90783e15d87d2a5c8c97426cbd5a70ae0f99461"
 logic_hash = "a8eb79fdf57811f4ffd5a7c5ec54cf46c06281f8cd4d677aec1ad168d6648a08"
 score = 75
@@ -72057,8 +72194,8 @@ rule ELASTIC_Windows_Trojan_Darkgate_Fa1F1338 : FILE MEMORY
 date = "2023-12-14"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_DarkGate.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_DarkGate.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1fce9ee9254dd0641387cc3b6ea5f6a60f4753132c20ca03ce4eed2aa1042876"
 logic_hash = "d5447a57fc57af52c263b84522346a3e94a464a698de8be77eab3b56156164f2"
 score = 75
@@ -72088,8 +72225,8 @@ rule ELASTIC_Windows_Trojan_Darkgate_07Ef6F14 : FILE MEMORY
 date = "2023-12-14"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_DarkGate.yar#L23-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_DarkGate.yar#L23-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1fce9ee9254dd0641387cc3b6ea5f6a60f4753132c20ca03ce4eed2aa1042876"
 logic_hash = "2820286b362b107fc7fc3ec8f1a004a7d7926a84318f2943f58239f1f7e8f1f0"
 score = 75
@@ -72118,8 +72255,8 @@ rule ELASTIC_Linux_Exploit_Cornelgen_584A227A : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Cornelgen.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Cornelgen.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c823cb669f1d6cb9258d6f0b187609c226af23396f9c5be26eb479e5722a9d97"
 logic_hash = "db3b6bbab48074449ae8b404f8fa77d93cde1ab8e57bd4ad981ac2afb8226494"
 score = 75
@@ -72147,8 +72284,8 @@ rule ELASTIC_Linux_Exploit_Cornelgen_Be0Bc02D : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Cornelgen.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Cornelgen.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "24c0ba8ad4f543f9b0aff0d0b66537137bc78606b47ced9b6d08039bbae78d80"
 logic_hash = "67c4f2d875f233b52fcbc24d9225c51af4dc09c27ce3915f0d756202bd4e5867"
 score = 75
@@ -72176,8 +72313,8 @@ rule ELASTIC_Linux_Exploit_Cornelgen_03Ee53D3 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Cornelgen.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Cornelgen.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "711eafd09d4e5433be142d54db153993ee55b6c53779d8ec7e76ca534b4f81a5"
 logic_hash = "e7d9c66621ad3c56f3bb8150c17b10495053d9485b2143750aeefd3c55ab7943"
 score = 75
@@ -72205,8 +72342,8 @@ rule ELASTIC_Windows_Trojan_Diamondfox_18Bc11E3 : FILE MEMORY
 date = "2022-03-02"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_DiamondFox.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_DiamondFox.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a44c46d4b9cf1254aaabd1e689f84c4d2c3dd213597f827acabface03a1ae6d1"
 logic_hash = "c64e4b3349b33cfd0fec1fe41f91ad819bb6b6751e822d7ab8d14638ad27571d"
 score = 75
@@ -72238,8 +72375,8 @@ rule ELASTIC_Windows_Trojan_Revengerat_Db91Bcc6 : FILE MEMORY
 date = "2021-09-02"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Revengerat.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Revengerat.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "30d8f81a19976d67b495eb1324372598cc25e1e69179c11efa22025341e455bd"
 logic_hash = "1e33cb1d614aae0b2181ebaca694c69e7fc849b3a3b7ffff7059e8c43553f8cc"
 score = 75
@@ -72270,8 +72407,8 @@ rule ELASTIC_Macos_Trojan_Adload_4995469F : FILE MEMORY
 date = "2021-10-04"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Adload.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Adload.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6464ca7b36197cccf0dac00f21c43f0cb09f900006b1934e2b3667b367114de5"
 logic_hash = "cceb804a11b93b0e3f491016c47a823d9e6a31294c3ed05d4404601323b30993"
 score = 75
@@ -72299,8 +72436,8 @@ rule ELASTIC_Macos_Trojan_Adload_9B9F86C7 : FILE MEMORY
 date = "2021-10-04"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Adload.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Adload.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "952e6004ce164ba607ac7fddc1df3d0d6cac07d271d90be02d790c52e49cb73c"
 logic_hash = "82297db23e036f22c90eee7b2654e84df847eb1c2b1ea4dcf358c48a14819709"
 score = 75
@@ -72328,8 +72465,8 @@ rule ELASTIC_Macos_Trojan_Adload_F6B18A0A : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Adload.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Adload.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "06f38bb811e6a6c38b5e2db708d4063f4aea27fcd193d57c60594f25a86488c8"
 logic_hash = "20d43fbf0b8155940e2e181f376a7b1979ce248d88dc08409aaa1a916777231c"
 score = 75
@@ -72357,8 +72494,8 @@ rule ELASTIC_Windows_Vulndriver_Fileseclab_4A21229A : FILE
 date = "2024-03-05"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Vulndriver_Fileseclab.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Vulndriver_Fileseclab.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ae55a0e93e5ef3948adecf20fa55b0f555dcf40589917a5bfbaa732075f0cc12"
 logic_hash = "bac78186f3d46c6765bacaf6a324ff94e449261cefe2594cb38c4cc25db1f0de"
 score = 75
@@ -72391,8 +72528,8 @@ rule ELASTIC_Linux_Proxy_Frp_4213778F : FILE MEMORY
 date = "2021-10-20"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Proxy_Frp.yar#L1-L28"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Proxy_Frp.yar#L1-L28"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "16294086be1cc853f75e864a405f31e2da621cb9d6a59f2a71a2fca4e268b6c2"
 logic_hash = "83eeb632026c38ac08357c27d971da31fbc9a0500ecf489e8332ac5862a77b85"
 score = 75
@@ -72429,8 +72566,8 @@ rule ELASTIC_Macos_Trojan_Eggshell_Ddacf7B9 : FILE MEMORY
 date = "2021-09-30"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Eggshell.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Eggshell.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6d93a714dd008746569c0fbd00fadccbd5f15eef06b200a4e831df0dc8f3d05b"
 logic_hash = "f986f7d1e3a68e27f82048017c6d6381a0354ffad2cd10f3eee69bbbfa940abd"
 score = 75
@@ -72462,8 +72599,8 @@ rule ELASTIC_Windows_Hacktool_Sharpapplocker_9645Cf22 : FILE MEMORY
 date = "2022-11-20"
 modified = "2023-01-11"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_SharpAppLocker.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_SharpAppLocker.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0f7390905abc132889f7b9a6d5b42701173aafbff5b8f8882397af35d8c10965"
 logic_hash = "cb72ecf7715b288acddac51dab091d84c64e3bd30276cba38a0d773e6693875c"
 score = 75
@@ -72494,8 +72631,8 @@ rule ELASTIC_Macos_Cryptominer_Generic_D3F68E29 : FILE MEMORY
 date = "2021-09-30"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Cryptominer_Generic.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Cryptominer_Generic.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d9c78c822dfd29a1d9b1909bf95cab2a9550903e8f5f178edeb7a5a80129fbdb"
 logic_hash = "cc336e536e0f8dda47f9551dfabfc50c2094fffe4a69cdcec23824dd063dede0"
 score = 75
@@ -72525,8 +72662,8 @@ rule ELASTIC_Macos_Cryptominer_Generic_365Ecbb9 : FILE MEMORY
 date = "2021-09-30"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Cryptominer_Generic.yar#L23-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Cryptominer_Generic.yar#L23-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e2562251058123f86c52437e82ea9ff32aae5f5227183638bc8aa2bc1b4fd9cf"
 logic_hash = "66f16c8694c5cfde1b5e4eea03c530fa32a15022fa35acdbb676bb696e7deae2"
 score = 75
@@ -72554,8 +72691,8 @@ rule ELASTIC_Macos_Cryptominer_Generic_4E7D4488 : FILE MEMORY
 date = "2021-09-30"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Cryptominer_Generic.yar#L43-L61"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Cryptominer_Generic.yar#L43-L61"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e2562251058123f86c52437e82ea9ff32aae5f5227183638bc8aa2bc1b4fd9cf"
 logic_hash = "708b21b687c8b853a9b5f8a50d31119e4f0a02a5b63f81ba1cac8c06acd19214"
 score = 75
@@ -72583,8 +72720,8 @@ rule ELASTIC_Windows_Ransomware_Egregor_F24023F3 : BETA FILE MEMORY
 date = "2020-10-15"
 modified = "2021-08-23"
 reference = "https://www.bankinfosecurity.com/egregor-ransomware-adds-to-data-leak-trend-a-15110"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Egregor.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Egregor.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "5695b44f6ce018a91a99b6c94feae740ff4ac187e232bc9044e51d62d1f42bfa"
 score = 75
 quality = 75
@@ -72617,8 +72754,8 @@ rule ELASTIC_Windows_Ransomware_Egregor_4Ec2B90C : BETA FILE MEMORY
 date = "2020-10-15"
 modified = "2021-08-23"
 reference = "https://www.bankinfosecurity.com/egregor-ransomware-adds-to-data-leak-trend-a-15110"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Egregor.yar#L27-L48"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Egregor.yar#L27-L48"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "8342d92e1486b1289645828e5ee5f1f6f21a0e645dd7cc4eca908ed59c2f1c4c"
 score = 75
 quality = 73
@@ -72648,8 +72785,8 @@ rule ELASTIC_Windows_Trojan_Glupteba_70557305 : FILE MEMORY
 date = "2021-08-08"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Glupteba.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Glupteba.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3ad13fd7968f9574d2c822e579291c77a0c525991cfb785cbe6cdd500b737218"
 logic_hash = "f3eee9808a1e8a2080116dda7ce795815e1179143c756ea8fdd26070f1f8f74a"
 score = 75
@@ -72682,8 +72819,8 @@ rule ELASTIC_Windows_Trojan_Glupteba_4669Dcd6 : FILE MEMORY
 date = "2021-08-08"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Glupteba.yar#L26-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Glupteba.yar#L26-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1b55042e06f218546db5ddc52d140be4303153d592dcfc1ce90e6077c05e77f7"
 logic_hash = "64b2099f40f94b17bc5860b41773c41322420500696d320399ff1c016cb56e15"
 score = 75
@@ -72711,8 +72848,8 @@ rule ELASTIC_Linux_Trojan_Connectback_Bf194C93 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Connectback.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Connectback.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6784cb86460bddf1226f71f5f5361463cbda487f813d19cd88e8a4a1eb1a417b"
 logic_hash = "148626e05caee4a2b2542726ea4e4dab074eeab0572a65fdbd32f5d96544daf8"
 score = 75
@@ -72740,8 +72877,8 @@ rule ELASTIC_Windows_Hacktool_Clroxide_D92D9575 : FILE MEMORY
 date = "2024-02-29"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_ClrOxide.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_ClrOxide.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f3a4900eff80563bff586ced172c3988347980f902aceef2f9f9f6d188fac8e3"
 logic_hash = "01bb071e1286bb139c5e1c37e421153ef1b28a5994feeaedf6ad27ad7dade5e9"
 score = 75
@@ -72775,8 +72912,8 @@ rule ELASTIC_Windows_Hacktool_Sharpview_2C7603Ad : FILE MEMORY
 date = "2022-10-20"
 modified = "2022-11-24"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_SharpView.yar#L1-L34"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_SharpView.yar#L1-L34"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c0621954bd329b5cabe45e92b31053627c27fa40853beb2cce2734fa677ffd93"
 logic_hash = "1f80b2fd6121c2b36742c819a56626af2e1450dac0f62c67d93f09e4e140b75f"
 score = 75
@@ -72819,8 +72956,8 @@ rule ELASTIC_Linux_Cryptominer_Miancha_646803Ef : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Miancha.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Miancha.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4c7761c9376ed065887dc6ce852491641419eb2d1f393c37ed0a5cb29bd108d4"
 logic_hash = "8fd386c0e7037565e8ab206642cc8c11f05ca727b365b94ffdd991f4bed95556"
 score = 75
@@ -72848,8 +72985,8 @@ rule ELASTIC_Linux_Trojan_Sqlexp_1Aa5001E : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Sqlexp.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Sqlexp.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "714a520fc69c54bcd422e75f4c3b71ce636cfae7fcec3c5c413d1294747d2dd6"
 logic_hash = "48c7331c80aa7d918f46d282c6f38b8e780f9b5222cf9304bf1a8bb39cc129ab"
 score = 75
@@ -72877,8 +73014,8 @@ rule ELASTIC_Windows_Exploit_Dcom_7A1Bcec7 : FILE
 date = "2021-01-12"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Exploit_Dcom.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Exploit_Dcom.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "84073caf71d0e0523adeb96169c85b8f0bfea09e7ef3bf677bfc19d3b536d8a5"
 logic_hash = "484576ab5369f99dc7086d724ead12d464f2bedaf84c93b74e137ddd98600b06"
 score = 75
@@ -72906,8 +73043,8 @@ rule ELASTIC_Macos_Trojan_Generic_A829D361 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Generic.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Generic.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5b2a1cd801ae68a890b40dbd1601cdfeb5085574637ae8658417d0975be8acb5"
 logic_hash = "70a954e8b44b1ce46f5ce0ebcf43b46e1292f0b8cdb46aa67f980d3c9b0a6f61"
 score = 75
@@ -72935,8 +73072,8 @@ rule ELASTIC_Macos_Virus_Pirrit_271B8Ed0 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Virus_Pirrit.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Virus_Pirrit.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7feda05d41b09c06a08c167c7f4dde597ac775c54bf0d74a82aa533644035177"
 logic_hash = "cb77f6df1403afbc7f45d30551559b6de7eb1c3434778b46d31754da0a1b1f10"
 score = 75
@@ -72964,8 +73101,8 @@ rule ELASTIC_Linux_Trojan_Banload_D5E1C189 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Banload.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Banload.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "48bf0403f777db5da9c6a7eada17ad4ddf471bd73ea6cf02817dd202b49204f4"
 logic_hash = "3f0bee251152a8c835a3bf71dc33c2e150705713c50ca2cfdbeb69361ed91a09"
 score = 75
@@ -72993,8 +73130,8 @@ rule ELASTIC_Windows_Ransomware_Conti_89F3F6Fa : FILE MEMORY
 date = "2021-08-05"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Conti.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Conti.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "eae876886f19ba384f55778634a35a1d975414e83f22f6111e3e792f706301fe"
 logic_hash = "4c1834e45d5e42f466249b75a89561ce1e88b9e3c07070e2833d4897fbed22ee"
 score = 75
@@ -73022,8 +73159,8 @@ rule ELASTIC_Linux_Backdoor_Tinyshell_67Ee6Fae : FILE MEMORY
 date = "2021-10-12"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Backdoor_Tinyshell.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Backdoor_Tinyshell.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9d2e25ec0208a55fba97ac70b23d3d3753e9b906b4546d1b14d8c92f8d8eb03d"
 logic_hash = "200d4267e21b8934deecc48273294f2e34464fcb412e39f3f5a006278631b9f1"
 score = 75
@@ -73054,8 +73191,8 @@ rule ELASTIC_Linux_Cryptominer_Loudminer_581F57A9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Loudminer.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Loudminer.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2c2729395805fc9d3c1e654c9a065bbafc4f28d8ab235afaae8d2c484060596b"
 logic_hash = "82db0985f215da1d84e16fce94df7553b43b06082bf5475515dbbcf016c40fe4"
 score = 75
@@ -73083,8 +73220,8 @@ rule ELASTIC_Linux_Cryptominer_Loudminer_F2298A50 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Loudminer.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Loudminer.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2c2729395805fc9d3c1e654c9a065bbafc4f28d8ab235afaae8d2c484060596b"
 logic_hash = "6c2c9b6aea1fb35f8f600dd084ed9cfd56123f7502036e76dd168ccd8b43b28f"
 score = 75
@@ -73112,8 +73249,8 @@ rule ELASTIC_Linux_Cryptominer_Loudminer_851Fc7Aa : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Loudminer.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Loudminer.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2c2729395805fc9d3c1e654c9a065bbafc4f28d8ab235afaae8d2c484060596b"
 logic_hash = "9f271a16fe30fbf0c16533522b733228f19e0c44d173e4c0ef43bf13323e7383"
 score = 75
@@ -73141,8 +73278,8 @@ rule ELASTIC_Windows_Hacktool_Sharpwmi_A67D6Fe5 : FILE MEMORY
 date = "2022-10-20"
 modified = "2022-11-24"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_SharpWMI.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_SharpWMI.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2134a5e1a5eece1336f831a7686c5ea3b6ca5aaa63ab7e7820be937da0678e15"
 logic_hash = "de8749951ece8d4798ade4661d531515e12edf8e8606ddc330000d847a66a26c"
 score = 75
@@ -73178,8 +73315,8 @@ rule ELASTIC_Windows_Trojan_Hawkeye_77C36Ace : FILE MEMORY
 date = "2021-08-16"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Hawkeye.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Hawkeye.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "28e28025060f1bafd4eb96c7477cab73497ca2144b52e664b254c616607d94cd"
 logic_hash = "e8c1060efde0c4a073247d03a19dedb1c0acc8506fbf6eac93ac44f00fc73be1"
 score = 75
@@ -73211,8 +73348,8 @@ rule ELASTIC_Windows_Trojan_Hawkeye_975D546C : FILE MEMORY
 date = "2023-03-23"
 modified = "2023-04-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Hawkeye.yar#L25-L48"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Hawkeye.yar#L25-L48"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "aca133bf1d72cf379101e6877871979d6e6e8bc4cc692a5ba815289735014340"
 logic_hash = "cbd8ce991059f961236a4bb83ea5a78efa661199b40fca8b09550856e932198b"
 score = 75
@@ -73245,8 +73382,8 @@ rule ELASTIC_Linux_Trojan_Lady_75F6392C : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Lady.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Lady.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c257ac7bd3a9639e0d67a7db603d5bc8d8505f6f2107a26c2615c5838cf11826"
 logic_hash = "5160b6ab4800c72b48b501787f3164c2ba1061a2abe21c63180e02d6791a4c12"
 score = 75
@@ -73274,8 +73411,8 @@ rule ELASTIC_Linux_Ransomware_Redalert_39642D52 : FILE MEMORY
 date = "2022-07-06"
 modified = "2022-08-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_RedAlert.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_RedAlert.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "039e1765de1cdec65ad5e49266ab794f8e5642adb0bdeb78d8c0b77e8b34ae09"
 logic_hash = "fa8fc16f0c8a55dd78781d334d7f55db6aa5e60f76cebf5282150af8ceb08dc3"
 score = 75
@@ -73307,8 +73444,8 @@ rule ELASTIC_Linux_Trojan_Mechbot_F2E1C5Aa : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mechbot.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mechbot.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5f8e80e6877ff2de09a12135ee1fc17bee8eb6d811a65495bcbcddf14ecb44a3"
 logic_hash = "2ba9ece1ab2360702a59a737a20b6dbd8fca276b543477f9290ab80c6f51e2f1"
 score = 75
@@ -73336,8 +73473,8 @@ rule ELASTIC_Windows_Wiper_Hermeticwiper_7206A969 : FILE MEMORY
 date = "2022-02-24"
 modified = "2022-02-24"
 reference = "https://www.elastic.co/security-labs/elastic-protects-against-data-wiper-malware-targeting-ukraine-hermeticwiper"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Wiper_HermeticWiper.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Wiper_HermeticWiper.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591"
 logic_hash = "84c61b8223a6ebf1ccfa4fdccee3c9091abca4553e55ac6c2492cff5503b4774"
 score = 75
@@ -73370,8 +73507,8 @@ rule ELASTIC_Windows_Ransomware_Lockfile_74185716 : FILE MEMORY
 date = "2021-08-31"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Lockfile.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Lockfile.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "bf315c9c064b887ee3276e1342d43637d8c0e067260946db45942f39b970d7ce"
 logic_hash = "e922c2fc9dd52dd0238847a9d48691bea90d028cf680fc3a1a0dbdfef1d8dce3"
 score = 75
@@ -73402,8 +73539,8 @@ rule ELASTIC_Windows_Trojan_Emotet_18379A8D : FILE MEMORY
 date = "2021-11-17"
 modified = "2022-01-13"
 reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Emotet.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Emotet.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "eeb13cd51faa7c23d9a40241d03beb239626fbf3efe1dbbfa3994fc10dea0827"
 logic_hash = "2ad72ce2a352b91a4fa597ee9e796035298cfcee6fdc13dd3f64579d8da96b97"
 score = 75
@@ -73431,8 +73568,8 @@ rule ELASTIC_Windows_Trojan_Emotet_5528B3B0 : FILE MEMORY
 date = "2021-11-17"
 modified = "2022-01-13"
 reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Emotet.yar#L22-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Emotet.yar#L22-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "eeb13cd51faa7c23d9a40241d03beb239626fbf3efe1dbbfa3994fc10dea0827"
 logic_hash = "bb784ab0e064bafa8450b6bb15ef534af38254ea3c096807571c2c27f7cdfd76"
 score = 75
@@ -73460,8 +73597,8 @@ rule ELASTIC_Windows_Trojan_Emotet_1943Bbf2 : FILE MEMORY
 date = "2021-11-18"
 modified = "2022-01-13"
 reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Emotet.yar#L43-L62"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Emotet.yar#L43-L62"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5abec3cd6aa066b1ddc0149a911645049ea1da66b656c563f9a384e821c5db38"
 logic_hash = "41838e335b9314b8759922f23ec8709f46e6a26633f3685ac98ada5828191d35"
 score = 75
@@ -73489,8 +73626,8 @@ rule ELASTIC_Windows_Trojan_Emotet_Db7D33Fa : FILE MEMORY
 date = "2022-05-09"
 modified = "2022-06-09"
 reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Emotet.yar#L64-L90"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Emotet.yar#L64-L90"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "08c23400ff546db41f9ddbbb19fa75519826744dde3b3afb38f3985266577afc"
 logic_hash = "e220c112c15f384fde6fc2286b01c7eb9bedcf4817d02645d0fa7afb05e7b593"
 score = 75
@@ -73525,8 +73662,8 @@ rule ELASTIC_Windows_Trojan_Emotet_D6Ac1Ea4 : FILE MEMORY
 date = "2022-05-24"
 modified = "2022-06-09"
 reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Emotet.yar#L92-L114"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Emotet.yar#L92-L114"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2c6709d5d2e891d1ce26fdb4021599ac10fea93c7773f5c00bea8e5e90404b71"
 logic_hash = "9b37940ea8752c6db52d4f09225de0389438c41468a11a7cda8f28b191192ef9"
 score = 75
@@ -73557,8 +73694,8 @@ rule ELASTIC_Windows_Trojan_Emotet_77C667B9 : FILE MEMORY
 date = "2022-11-07"
 modified = "2022-12-20"
 reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Emotet.yar#L116-L144"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Emotet.yar#L116-L144"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ffac0120c3ae022b807559e8ed7902fde0fa5f7cb9c5c8d612754fa498288572"
 logic_hash = "f11769fe5e9789b451e8826c5fd22bde5b3eb9f7af1d5fec7eec71700fc1f482"
 score = 75
@@ -73595,8 +73732,8 @@ rule ELASTIC_Windows_Trojan_Emotet_8B9449C1 : FILE MEMORY
 date = "2022-11-09"
 modified = "2022-12-20"
 reference = "https://www.elastic.co/security-labs/emotet-dynamic-configuration-extraction"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Emotet.yar#L146-L166"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Emotet.yar#L146-L166"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ffac0120c3ae022b807559e8ed7902fde0fa5f7cb9c5c8d612754fa498288572"
 logic_hash = "5501354ebc1d97fe5ce894d5907adb29440f557f2dd235e1e983ae2d109199a2"
 score = 75
@@ -73625,8 +73762,8 @@ rule ELASTIC_Windows_Vulndriver_Fidpci_Cb7F69B5 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Fidpci.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Fidpci.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3ac5e01689a3d745e60925bc7faca8d4306ae693e803b5e19c94906dc30add46"
 logic_hash = "459429fb4e5156890f19c451e48676c9cd06eaab1c2eaea9236737c795086b5f"
 score = 75
@@ -73654,8 +73791,8 @@ rule ELASTIC_Windows_Rootkit_R77_5Bab748B : FILE MEMORY
 date = "2022-03-04"
 modified = "2022-04-12"
 reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Rootkit_R77.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Rootkit_R77.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "cfc76dddc74996bfbca6d9076d2f6627912ea196fdbdfb829819656d4d316c0c"
 logic_hash = "ebf851ef41fde8e3118acc742cd2b38651f662a00f11dd6f7c65cf56019c43d5"
 score = 75
@@ -73683,8 +73820,8 @@ rule ELASTIC_Windows_Rootkit_R77_Eb366Abc : FILE MEMORY
 date = "2023-05-09"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Rootkit_R77.yar#L22-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Rootkit_R77.yar#L22-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "21e7f69986987fc75bce67c4deda42bd7605365bac83cf2cecb25061b2d86d4f"
 logic_hash = "3d6f1c60bf749c53f4a4fcfd6490d309e4450d5f7e64de4665c3d80af1bce44f"
 score = 75
@@ -73713,8 +73850,8 @@ rule ELASTIC_Windows_Rootkit_R77_99050E7D : FILE MEMORY
 date = "2023-05-09"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Rootkit_R77.yar#L44-L64"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Rootkit_R77.yar#L44-L64"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3dc94c88caa3169e096715eb6c2e6de1b011120117c0a51d12f572b4ba999ea6"
 logic_hash = "0fedf4698cc652076090b1fe256d05d2c0bc3ad2ab7ed5faa270c5c7fe0efca1"
 score = 75
@@ -73743,8 +73880,8 @@ rule ELASTIC_Windows_Rootkit_R77_Be403E3C : FILE MEMORY
 date = "2023-05-18"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Rootkit_R77.yar#L66-L85"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Rootkit_R77.yar#L66-L85"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "91c6e2621121a6871af091c52fafe41220ae12d6e47e52fd13a7b9edd8e31796"
 logic_hash = "efbf924c7a299f2543c639b6262007eb3bdbf6ff5e33dab7d6102814b9477811"
 score = 75
@@ -73772,8 +73909,8 @@ rule ELASTIC_Windows_Rootkit_R77_Ee853C9F : FILE MEMORY
 date = "2023-05-18"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Rootkit_R77.yar#L87-L112"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Rootkit_R77.yar#L87-L112"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "916c805b0d512dd7bbd88f46632d66d9613de61691b4bd368e4b7cb1f0ac7f60"
 logic_hash = "94f080f310ecace76da32ba2b4edcc80dedfb339113823708167c1d842db8cf3"
 score = 75
@@ -73807,8 +73944,8 @@ rule ELASTIC_Windows_Rootkit_R77_D0367E28 : FILE MEMORY
 date = "2023-05-18"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/elastic-security-labs-steps-through-the-r77-rootkit"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Rootkit_R77.yar#L114-L141"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Rootkit_R77.yar#L114-L141"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "96849108e13172d14591169f8fdcbf8a8aa6be05b7b6ef396d65529eacc02d89"
 logic_hash = "588b18c54c344ca267b86143df20c7dcaab081e0ef6acae0bd0dae61593eb521"
 score = 75
@@ -73844,8 +73981,8 @@ rule ELASTIC_Windows_Hacktool_Certify_Ffe1Cca2 : FILE MEMORY
 date = "2024-03-27"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_Certify.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_Certify.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3c7f759a6c38d0c0780fba2d43be6dcf9e4869d54b66f16c0703ec8e58124953"
 logic_hash = "e1d37ad683bfbe34433dc5e13ae2cf7c873fed640e1c58a3b0274b4b34900e53"
 score = 75
@@ -73881,8 +74018,8 @@ rule ELASTIC_Windows_Ransomware_Akira_C8C298Ba : FILE MEMORY
 date = "2024-05-02"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Akira.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Akira.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a2df5477cf924bd41241a3326060cc2f913aff2379858b148ddec455e4da67bc"
 logic_hash = "9058c83693e93f6daee8894453e56e0d9a4867d551ec3a6b66d7a517f65d8b07"
 score = 75
@@ -73915,8 +74052,8 @@ rule ELASTIC_Windows_Trojan_Afdk_C952Fcfa : FILE MEMORY
 date = "2023-12-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Afdk.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Afdk.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6723a9489e7cfb5e2d37ff9160d55cda065f06907122d73764849808018eb7a0"
 logic_hash = "a0589a3bf9e733e615b6e552395b3ff513e4fad7efd7d2ebea634aa91d2f60d9"
 score = 75
@@ -73944,8 +74081,8 @@ rule ELASTIC_Windows_Trojan_Afdk_5F8Cc135 : FILE MEMORY
 date = "2023-12-01"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Afdk.yar#L21-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Afdk.yar#L21-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6723a9489e7cfb5e2d37ff9160d55cda065f06907122d73764849808018eb7a0"
 logic_hash = "0523a0cc3a4446f2ac88c72999568313c6b40f7f8975b8e332c0c6b1e48c5d76"
 score = 75
@@ -73975,8 +74112,8 @@ rule ELASTIC_Windows_Trojan_Nimplant_44Ff3211 : FILE MEMORY
 date = "2023-06-23"
 modified = "2023-07-10"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Nimplant.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Nimplant.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b56e20384f98e1d2417bb7dcdbfb375987dd075911b74ea7ead082494836b8f4"
 logic_hash = "ee519d8d722404ed440b385d283a41921bc34ee11f0e7273cdc074b377494c39"
 score = 75
@@ -74006,8 +74143,8 @@ rule ELASTIC_Windows_Trojan_Donutloader_F40E3759 : FILE MEMORY
 date = "2021-09-15"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Donutloader.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Donutloader.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "541a4ca1da41f7cf54dff3fee917b219fadb60fd93a89b93b5efa3c1a57af81d"
 score = 75
 quality = 75
@@ -74035,8 +74172,8 @@ rule ELASTIC_Windows_Trojan_Donutloader_5C38878D : FILE MEMORY
 date = "2021-09-15"
 modified = "2021-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Donutloader.yar#L21-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Donutloader.yar#L21-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "897880d13318027ac5008fe8d008f09780d6fa807d6cc828b57975443358750c"
 score = 75
 quality = 75
@@ -74063,8 +74200,8 @@ rule ELASTIC_Windows_Trojan_Donutloader_21E801E0 : FILE MEMORY
 date = "2024-01-21"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Donutloader.yar#L40-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Donutloader.yar#L40-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c3bda62725bb1047d203575bbe033f0f95d4dd6402c05f9d0c69d24bd3224ca6"
 logic_hash = "19ef7bc8c7117024ca72956376954254c36eeb673f9379aa00475f763084a169"
 score = 75
@@ -74092,8 +74229,8 @@ rule ELASTIC_Linux_Cryptominer_Roboto_0B6807F8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Roboto.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Roboto.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c2542e399f865b5c490ee66b882f5ff246786b3f004abb7489ec433c11007dda"
 logic_hash = "d945c7a23b9f435851f3c998231da615e220c259051cf213186c28f3279be1dd"
 score = 75
@@ -74121,8 +74258,8 @@ rule ELASTIC_Linux_Cryptominer_Roboto_1F1Cfe9A : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Roboto.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Roboto.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "497a6d426ff93d5cd18cea623074fb209d4f407a02ef8f382f089f1ed3f108c5"
 logic_hash = "2171284991b0019379c8d271013a35237c37bc2e13d807caed86f8fb9d2ba418"
 score = 75
@@ -74150,8 +74287,8 @@ rule ELASTIC_Windows_Hacktool_Leigod_89397Ebf : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_LeiGod.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_LeiGod.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ae5cc99f3c61c86c7624b064fd188262e0160645c1676d231516bf4e716a22d3"
 logic_hash = "e887c34c624a182a3c57a55abe02784c4350d3956bcfd9f7918f08a464819e63"
 score = 75
@@ -74179,8 +74316,8 @@ rule ELASTIC_Windows_Hacktool_Leigod_3F5C98C4 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_LeiGod.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_LeiGod.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0c42fe45ffa9a9c36c87a7f01510a077da6340ffd86bf8509f02c6939da133c5"
 logic_hash = "7570bf1a69df6b493bde41c1de27969e36a3fcb59be574ee2e24e3a61347a146"
 score = 75
@@ -74208,8 +74345,8 @@ rule ELASTIC_Windows_Vulndriver_Iqvw_B8B45E6B : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Iqvw.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Iqvw.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "37c637a74bf20d7630281581a8fae124200920df11ad7cd68c14c26cc12c5ec9"
 logic_hash = "b0a8716f550ba231ca7db61bafd6effbc351faa45864f9ebf7be81f63f14a933"
 score = 60
@@ -74239,8 +74376,8 @@ rule ELASTIC_Windows_Ransomware_Grief_9953339A : FILE MEMORY
 date = "2021-08-04"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Grief.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Grief.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0864575d4f487e52a1479c61c2c4ad16742d92e16d0c10f5ed2b40506bbc6ca0"
 logic_hash = "f99ea1e1f59dc2999659cbe649e76001dd7139b1438440717b60f081d1e99d70"
 score = 75
@@ -74268,8 +74405,8 @@ rule ELASTIC_Linux_Backdoor_Fontonlake_Fe916A45 : FILE MEMORY
 date = "2021-10-12"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Backdoor_Fontonlake.yar#L1-L29"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Backdoor_Fontonlake.yar#L1-L29"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8a0a9740cf928b3bd1157a9044c6aced0dfeef3aa25e9ff9c93e113cbc1117ee"
 logic_hash = "590b28264345ea0bdbd53791f422cb4f1fad143df2b790824fc182356a568d7d"
 score = 75
@@ -74307,8 +74444,8 @@ rule ELASTIC_Linux_Exploit_Intfour_0Ca45Cd3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Intfour.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Intfour.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9d32c5447aa5182b4be66b7a283616cf531a2fd3ba3dde1bc363b24d8b22682f"
 logic_hash = "088d8daa9ba4f53c8de229282ed8a7b30b1e567687e7807ac6c3df9524dabba9"
 score = 75
@@ -74336,8 +74473,8 @@ rule ELASTIC_Linux_Ransomware_Clop_728Cf32A : FILE MEMORY
 date = "2023-07-27"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_Clop.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_Clop.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "09d6dab9b70a74f61c41eaa485b37de9a40c86b6d2eae7413db11b4e6a8256ef"
 logic_hash = "31c2fdfcfc46ad1dd69489536172937b9771d8505f36c7bd8dc796f40a2fe4d2"
 score = 75
@@ -74368,8 +74505,8 @@ rule ELASTIC_Windows_Ransomware_Dharma_Aa5Eefed : BETA FILE MEMORY
 date = "2020-06-25"
 modified = "2021-08-23"
 reference = "https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Dharma.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Dharma.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "bbafc2eac17562f315b09fa42eb601d0140152917d7962429df3a378abe67732"
 score = 75
 quality = 75
@@ -74398,8 +74535,8 @@ rule ELASTIC_Windows_Ransomware_Dharma_B31Cac3F : BETA FILE MEMORY
 date = "2020-06-25"
 modified = "2021-08-23"
 reference = "https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Dharma.yar#L23-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Dharma.yar#L23-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "30500e35721e9db3d63cafa5ca10818557fa9f4e0bda9c0d02283183508cf7b5"
 score = 75
 quality = 75
@@ -74429,8 +74566,8 @@ rule ELASTIC_Windows_Ransomware_Dharma_E9319E4A : BETA FILE MEMORY
 date = "2020-06-25"
 modified = "2021-08-23"
 reference = "https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Dharma.yar#L46-L65"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Dharma.yar#L46-L65"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "182ed508d645a0b1fab80fb6f975a05d33b64c43005bd3656df6470934cd71f4"
 score = 75
 quality = 75
@@ -74458,8 +74595,8 @@ rule ELASTIC_Windows_Ransomware_Dharma_942142E3 : BETA FILE MEMORY
 date = "2020-06-25"
 modified = "2021-08-23"
 reference = "https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Dharma.yar#L67-L86"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Dharma.yar#L67-L86"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "af5068ef3442964e4d1c5e27090fb84eaf762ff23463b7a0c2902e523ae601c1"
 score = 75
 quality = 75
@@ -74487,8 +74624,8 @@ rule ELASTIC_Windows_Trojan_Lumma_693A5234 : FILE MEMORY
 date = "2024-06-05"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Lumma.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Lumma.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "88340abcdc3cfe7574ee044aea44808446daf3bb7bf9fc60b16a2b1360c5d9c0"
 logic_hash = "2b29ac9bc73f191bdbfc92601cab923aa9f2f3380c8123ee469ced3754625dd0"
 score = 75
@@ -74517,8 +74654,8 @@ rule ELASTIC_Linux_Trojan_Rozena_56651C1D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Rozena.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Rozena.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "997684fb438af3f5530b0066d2c9e0d066263ca9da269d6a7e160fa757a51e04"
 logic_hash = "a6d283b0c398cb1004defe7f5669f912112262e5aaf677ae4ca7fd15565cb988"
 score = 75
@@ -74546,8 +74683,8 @@ rule ELASTIC_Linux_Generic_Threat_A658B75F : FILE MEMORY
 date = "2024-01-17"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "df430ab9f5084a3e62a6c97c6c6279f2461618f038832305057c51b441c648d9"
 logic_hash = "1ef7267438b8d15ed770f0784a7d428cbc2680144b0ef179337875d5b4038d08"
 score = 75
@@ -74576,8 +74713,8 @@ rule ELASTIC_Linux_Generic_Threat_Ea5Ade9A : FILE MEMORY
 date = "2024-01-17"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L22-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L22-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d75189d883b739d9fe558637b1fab7f41e414937a8bae7a9d58347c223a1fcaa"
 logic_hash = "12a9b5e54d6d528ecb559b6e2ea3aa72effa7f0efbf2c33581a4efedc292e4c1"
 score = 75
@@ -74605,8 +74742,8 @@ rule ELASTIC_Linux_Generic_Threat_80Aea077 : FILE MEMORY
 date = "2024-01-17"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L42-L60"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L42-L60"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "002827c41bc93772cd2832bc08dfc413302b1a29008adbb6822343861b9818f0"
 logic_hash = "cab860ad5f0c49555adb845504acb4dbeabb94dbc287202be35020e055e6f27b"
 score = 75
@@ -74634,8 +74771,8 @@ rule ELASTIC_Linux_Generic_Threat_2E214A04 : FILE MEMORY
 date = "2024-01-17"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L62-L81"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L62-L81"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "cad65816cc1a83c131fad63a545a4bd0bdaa45ea8cf039cbc6191e3c9f19dead"
 logic_hash = "0d29aa6214b0a05f9af10cdc080ffa33452156e13c057f31997630cebcda294a"
 score = 75
@@ -74664,8 +74801,8 @@ rule ELASTIC_Linux_Generic_Threat_0B770605 : FILE MEMORY
 date = "2024-01-17"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L83-L102"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L83-L102"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "99418cbe1496d5cd4177a341e6121411bc1fab600d192a3c9772e8e6cd3c4e88"
 logic_hash = "d4aae755870765a119ee7ae648d4388e0786e8ab6f7f196d81c6356be7d0ddfb"
 score = 75
@@ -74694,8 +74831,8 @@ rule ELASTIC_Linux_Generic_Threat_92064B27 : FILE MEMORY
 date = "2024-01-17"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L104-L122"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L104-L122"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8e5cfcda52656a98105a48783b9362bad22f61bcb6a12a27207a08de826432d9"
 logic_hash = "adb9ed7280065f77440bd1e106bc800ebe6251119151cd54b76dc2917b013f65"
 score = 75
@@ -74723,8 +74860,8 @@ rule ELASTIC_Linux_Generic_Threat_De6Be095 : FILE MEMORY date = "2024-01-17" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L124-L143" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L124-L143" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "2431239d6e60ca24a5440e6c92da62b723a7e35c805f04db6b80f96c8cf9fee6" logic_hash = "cbd7578830169703b047adb1785b05d226f2507a65c203ee344d8e2b3a24f6c9" score = 75 @@ -74753,8 +74890,8 @@ rule ELASTIC_Linux_Generic_Threat_898D9308 : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L145-L164" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L145-L164" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "ce89863a16787a6f39c25fd15ee48c4d196223668a264217f5d1cea31f8dc8ef" logic_hash = "8b5deedf18d660d0b76dc987843ff5cc01432536a04ab4925e9b08269fd847e4" score = 75 
@@ -74783,8 +74920,8 @@ rule ELASTIC_Linux_Generic_Threat_23D54A0E : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L166-L185" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L166-L185" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "a2b54f789a1c4cbed13e0e2a5ab61e0ce5bb42d44fe52ad4b7dd3da610045257" logic_hash = "7e52eaf9c49bd6cbdb89b0c525b448864e1ea55d00bc052898613174fe5956cc" score = 75 @@ -74813,8 +74950,8 @@ rule ELASTIC_Linux_Generic_Threat_D7802B0A : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L187-L205" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L187-L205" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "a2b54f789a1c4cbed13e0e2a5ab61e0ce5bb42d44fe52ad4b7dd3da610045257" logic_hash = "3e1452204fef11d63870af5f143ae73f4b8e5a4db83a53851444fbf8a0ea6a26" score = 75 
@@ -74842,8 +74979,8 @@ rule ELASTIC_Linux_Generic_Threat_08E4Ee8C : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L207-L225" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L207-L225" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "35eeba173fb481ac30c40c1659ccc129eae2d4d922e27cf071047698e8d95aea" logic_hash = "a927415afbab32adee49a583fc35bc3d44764f87bbbb3497b38af6feb92cd9a8" score = 75 @@ -74871,8 +75008,8 @@ rule ELASTIC_Linux_Generic_Threat_D60E5924 : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L227-L246" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L227-L246" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "fdcc2366033541053a7c2994e1789f049e9e6579226478e2b420ebe8a7cebcd3" logic_hash = "012111e4a38c1f901dcd830cc26ef8dcfbde7986fcc8b8eebddb8d8b7a0cec6a" score = 75 
@@ -74901,8 +75038,8 @@ rule ELASTIC_Linux_Generic_Threat_6Bed4416 : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L248-L266" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L248-L266" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "a2b54f789a1c4cbed13e0e2a5ab61e0ce5bb42d44fe52ad4b7dd3da610045257" logic_hash = "c098e27a12d5d10af67d1b78572bc7daeb500504527428366e1d9a4e55e0f4d7" score = 75 @@ -74930,8 +75067,8 @@ rule ELASTIC_Linux_Generic_Threat_Fc5B5B86 : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L268-L286" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L268-L286" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "134b063d9b5faed11c6db6848f800b63748ca81aeca46caa0a7c447d07a9cd9b" logic_hash = "a11ed323df7283188cf99ca89abbd18673fef88660df1150d4dc72de04a836a8" score = 75 
@@ -74959,8 +75096,8 @@ rule ELASTIC_Linux_Generic_Threat_2C8D824C : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L288-L306" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L288-L306" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "9106bdd27e67d6eebfaec5b1482069285949de10afb28a538804ce64add88890" logic_hash = "c8fc90ec5e93ff39443f513e83f34140819a30b737da2a412ba97a7b221ca9dc" score = 75 @@ -74988,8 +75125,8 @@ rule ELASTIC_Linux_Generic_Threat_936B24D5 : FILE MEMORY date = "2024-01-18" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L308-L326" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L308-L326" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "fb8eb0c876148a4199cc873b84fd9c1c6abc1341e02d118f72ffb0dae37592a4" logic_hash = "972bbc4950c49ff7bc880b1d24b586072eb8541584b97a00ac501fac133a3157" score = 75 
@@ -75017,8 +75154,8 @@ rule ELASTIC_Linux_Generic_Threat_98Bbca63 : FILE MEMORY date = "2024-01-22" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L328-L347" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L328-L347" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "1d4d3d8e089dcca348bb4a5115ee2991575c70584dce674da13b738dd0d6ff98" logic_hash = "1728d47b3f364cff02ae61ccf381ecab0c1fe46a5c76d832731fdf7acc1caf55" score = 75 @@ -75047,8 +75184,8 @@ rule ELASTIC_Linux_Generic_Threat_9Aaf894F : FILE MEMORY date = "2024-01-22" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L349-L367" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L349-L367" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "467ac05956eec6c74217112721b3008186b2802af2cafed6d2038c79621bcb08" logic_hash = "b28d6a8c23aba4371e2e5f48861d2bcc8bdfa7212738eda7b1b4a3059d159cf2" score = 75 
@@ -75076,8 +75213,8 @@ rule ELASTIC_Linux_Generic_Threat_Ba3A047D : FILE MEMORY date = "2024-01-22" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L369-L388" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L369-L388" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "3064e89f3585f7f5b69852f1502e34a8423edf5b7da89b93fb8bd0bef0a28b8b" logic_hash = "ffcfb90c0c796b7b343adbd2142193759ececddd0700c0bb4e2898947464b1a2" score = 75 @@ -75106,8 +75243,8 @@ rule ELASTIC_Linux_Generic_Threat_902Cfdc5 : FILE MEMORY date = "2024-01-23" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L390-L408" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L390-L408" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "3fa5057e1be1cfeb73f6ebcdf84e00c37e9e09f1bec347d5424dd730a2124fa8" logic_hash = "0f86914cb598262744660e65048f75d071307ae47d069971bfcd049a7d4b36e5" score = 75 
@@ -75135,8 +75272,8 @@ rule ELASTIC_Linux_Generic_Threat_094C1238 : FILE MEMORY date = "2024-01-23" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L410-L428" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L410-L428" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "2bfe7d51d59901af345ef06dafd8f0e950dcf8461922999670182bfc7082befd" logic_hash = "fb82e16bf153c88377cc8655557bc1f021af6e04e1160129ce9555e078d00a0d" score = 75 @@ -75164,8 +75301,8 @@ rule ELASTIC_Linux_Generic_Threat_A8Faf785 : FILE MEMORY date = "2024-01-23" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L430-L448" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L430-L448" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "6028562baf0a7dd27329c8926585007ba3e0648da25088204ebab2ac8f723e70" logic_hash = "3ab5d9ba39be2553173f6eb4d2a1ca22bfb9f1bd537fed247f273eba1eabd782" score = 75 
@@ -75193,8 +75330,8 @@ rule ELASTIC_Linux_Generic_Threat_04E8E4A5 : FILE MEMORY date = "2024-01-23" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L450-L468" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L450-L468" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "248f010f18962c8d1cc4587e6c8b683a120a1e838d091284ba141566a8a01b92" logic_hash = "9b04725bf0a75340c011028b201ed08eb9de305a5b4630cc79156c0a847cdc9e" score = 75 @@ -75222,8 +75359,8 @@ rule ELASTIC_Linux_Generic_Threat_47B147Ec : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L470-L488" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L470-L488" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "cc7734a10998a4878b8f0c362971243ea051ce6c1689444ba6e71aea297fb70d" logic_hash = "84c68f2ed76d644122daf81d41d4eb0be9aa8b1c82993464d3138ae30992110f" score = 75 
@@ -75251,8 +75388,8 @@ rule ELASTIC_Linux_Generic_Threat_887671E9 : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L490-L508" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L490-L508" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "701c7c75ed6a7aaf59f5a1f04192a1f7d49d73c1bd36453aed703ad5560606dc" logic_hash = "eefe9391a9ce716dbe16f11b8ccea89d032fdad42fcabd84ffe584409c550847" score = 75 @@ -75280,8 +75417,8 @@ rule ELASTIC_Linux_Generic_Threat_9Cf10F10 : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L510-L528" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L510-L528" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "d07c9be37dc37f43a54c8249fe887dbc4058708f238ff3d95ed21f874cbb84e8" logic_hash = "ca4ae64b73fb7013008e8049d17479032d904a3faf5ad0f2ad079971a231a3b8" score = 75 
@@ -75309,8 +75446,8 @@ rule ELASTIC_Linux_Generic_Threat_75813Ab2 : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L530-L549" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L530-L549" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "5819eb73254fd2a698eb71bd738cf3df7beb65e8fb5e866151e8135865e3fd9a" logic_hash = "06e5daed278273137e416ef3ee6ac8496b144a9c3ce213ec92881ba61d7db6cb" score = 75 @@ -75339,8 +75476,8 @@ rule ELASTIC_Linux_Generic_Threat_11041685 : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L551-L570" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L551-L570" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "296440107afb1c8c03e5efaf862f2e8cc6b5d2cf979f2c73ccac859d4b78865a" logic_hash = "19f4109e73981424527ece8c375274f97fd3042427b7875071451a8081a9aae7" score = 75 
@@ -75369,8 +75506,8 @@ rule ELASTIC_Linux_Generic_Threat_0D22F19C : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L572-L591" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L572-L591" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "da5a204af600e73184455d44aa6e01d82be8b480aa787b28a1df88bb281eb4db" logic_hash = "ee43796b0717717cb012385d5bb3aece433c11780f1a293d280c39411f9fed98" score = 75 @@ -75399,8 +75536,8 @@ rule ELASTIC_Linux_Generic_Threat_4A46B0E1 : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L593-L612" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L593-L612" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "3ba47ba830ab8deebd9bb906ea45c7df1f7a281277b44d43c588c55c11eba34a" logic_hash = "e3f6804f502fad8c893fb4c3c27506b6ef17d7e0d0a01399c6d185bad92e895a" score = 75 
@@ -75429,8 +75566,8 @@ rule ELASTIC_Linux_Generic_Threat_0A02156C : FILE MEMORY date = "2024-02-01" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L614-L633" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L614-L633" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f23d4b1fd10e3cdd5499a12f426e72cdf0a098617e6b178401441f249836371e" logic_hash = "3ceea812f0252ec703a92482ce7a3ef0aa65bad149df2aa0107e07a45490b8f1" score = 75 @@ -75459,8 +75596,8 @@ rule ELASTIC_Linux_Generic_Threat_6D7Ec30A : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L635-L654" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L635-L654" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "1cad1ddad84cdd8788478c529ed4a5f25911fb98d0a6241dcf5f32b0cdfc3eb0" logic_hash = "33c705b89a82989c25fc67f50b06aa3a613cae567ec652d86ae64bad4b253c28" score = 75 
@@ -75489,8 +75626,8 @@ rule ELASTIC_Linux_Generic_Threat_900Ffdd4 : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L656-L674" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L656-L674" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "a3e1a1f22f6d32931d3f72c35a5ee50092b5492b3874e9e6309d015d82bddc5d" logic_hash = "eb69bfc146b32e790fffdf4588b583335d2006182070b53fec43bb6e4971d779" score = 75 @@ -75518,8 +75655,8 @@ rule ELASTIC_Linux_Generic_Threat_Cb825102 : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L676-L694" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L676-L694" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "4e24b72b24026e3dfbd65ddab9194bd03d09446f9ff0b3bcec76efbb5c096584" logic_hash = "ac48f32ec82aac6df0697729d14aaee65fba82d91173332cd13c6ccccd63b1be" score = 75 
@@ -75547,8 +75684,8 @@ rule ELASTIC_Linux_Generic_Threat_3Bcc1630 : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L696-L716" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L696-L716" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "62a6866e924af2e2f5c8c1f5009ce64000acf700bb5351a47c7cfce6a4b2ffeb" logic_hash = "6f602aac6db46ac3f5b7716a1dac53b5dbd2c583505644bfc617d69be0a2d4de" score = 75 @@ -75578,8 +75715,8 @@ rule ELASTIC_Linux_Generic_Threat_5D5Fd28E : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L718-L738" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L718-L738" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "5b179a117e946ce639e99ff42ab70616ed9f3953ff90b131b4b3063f970fa955" logic_hash = "b29ca34b98ee87151496f900fa3558190127957539afac3fd99db2dc51980213" score = 75 
@@ -75609,8 +75746,8 @@ rule ELASTIC_Linux_Generic_Threat_B0B891Fb : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L740-L759" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L740-L759" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "d666bc0600075f01d8139f8b09c5f4e4da17fa06a86ebb3fa0dc478562e541ae" logic_hash = "9ec82691a230f3240b1253f99a45cd0baa3238b6fd533004a22a6152b6ac9a12" score = 75 @@ -75639,8 +75776,8 @@ rule ELASTIC_Linux_Generic_Threat_Cd9Ce063 : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L761-L779" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L761-L779" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "485581520dd73429b662b73083d504aa8118e01c5d37c1c08b21a5db0341a19d" logic_hash = "ba070c2147028cad4be1c139b16a770c9d9854456d073373a93ed0b213f7b34c" score = 75 
@@ -75668,8 +75805,8 @@ rule ELASTIC_Linux_Generic_Threat_B8B076F4 : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L781-L799" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L781-L799" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "4496e77ff00ad49a32e090750cb10c55e773752f4a50be05e3c7faacc97d2677" logic_hash = "37f3be4cbda4a93136d66e32d7245d4c962a9fe1c98fb0325f42a1d16d6d9415" score = 75 @@ -75697,8 +75834,8 @@ rule ELASTIC_Linux_Generic_Threat_1Ac392Ca : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L801-L819" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L801-L819" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "dca2d035b1f7191f7876eb727b13c308f63fe8f899cab643526f9492ec0fa16f" logic_hash = "6ffa5099c0d18644cd11a0511db542d2f809e4cba974eccca814fedf5a2b0a5b" score = 75 
@@ -75726,8 +75863,8 @@ rule ELASTIC_Linux_Generic_Threat_949Bf68C : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L821-L839" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L821-L839" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "cc1b339ff6b33912a8713c192e8743d1207917825b62b6f585ab7c8d6ab4c044" logic_hash = "aaae0a8a2827786513891bc8c3e3418823ae3f3291d891e80e82113b929f7513" score = 75 @@ -75755,8 +75892,8 @@ rule ELASTIC_Linux_Generic_Threat_Bd35454B : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L841-L860" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L841-L860" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "cd729507d2e17aea23a56a56e0c593214dbda4197e8a353abe4ed0c5fbc4799c" logic_hash = "d3619cdb002b4ac7167716234058f949623c42a64614f5eb7956866b68fff5e4" score = 75 
@@ -75785,8 +75922,8 @@ rule ELASTIC_Linux_Generic_Threat_1E047045 : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L862-L880" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L862-L880" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "2c49772d89bcc4ad4ed0cc130f91ed0ce1e625262762a4e9279058f36f4f5841" logic_hash = "0d28df53e030664e7225f1170888b51e94e64833537c5add3e10cfdb4f029a3a" score = 75 @@ -75814,8 +75951,8 @@ rule ELASTIC_Linux_Generic_Threat_1973391F : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L882-L901" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L882-L901" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "7bd76010f18061aeaf612ad96d7c03341519d85f6a1683fc4b2c74ea0508fe1f" logic_hash = "632a43b68e498f463ff5dfa78212646b8bd108ea47ff11164c8c1a69e830c1ac" score = 75 
@@ -75844,8 +75981,8 @@ rule ELASTIC_Linux_Generic_Threat_66D00A84 : FILE MEMORY date = "2024-02-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L903-L921" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L903-L921" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "464e144bcbb54fc34262b4d81143f4e69e350fb526c803ebea1fdcfc8e57bf33" logic_hash = "a1d60619d72b3309bfaaf8b4085dd5ed90142ff3e9ebfe80fcd7beba5f14a62e" score = 75 @@ -75873,8 +76010,8 @@ rule ELASTIC_Linux_Generic_Threat_D2Dca9E7 : FILE MEMORY date = "2024-05-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L923-L941" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L923-L941" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "9b10bb3773011c4da44bf3a0f05b83079e4ad30f0b1eb2636a6025b927e03c7f" logic_hash = "175b9a80314cf280b995a012f13e65bd4ce7e27faebf02ae5abe978dbd14447c" score = 75 
@@ -75902,8 +76039,8 @@ rule ELASTIC_Linux_Generic_Threat_1F5D056B : FILE MEMORY date = "2024-05-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L943-L962" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L943-L962" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "99d982701b156fe3523b359498c2d03899ea9805d6349416c9702b1067293471" logic_hash = "8ad23b593880dc1bebc95c92d0efc3a90e6b1e143c350e30b1a4258502ce7fc7" score = 75 @@ -75932,8 +76069,8 @@ rule ELASTIC_Linux_Generic_Threat_D94E1020 : FILE MEMORY date = "2024-05-20" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L964-L982" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L964-L982" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "96a2bfbb55250b784e94b1006391cc51e4adecbdde1fe450eab53353186f6ff0" logic_hash = "e4b4e588588080c66076aec02f56b4764a5f72059922db9651461c0287fe0351" score = 75 
@@ -75961,8 +76098,8 @@ rule ELASTIC_Linux_Generic_Threat_Aa0C23D5 : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L984-L1004" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L984-L1004" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "8314290b81b827e1a1d157c41916a41a1c033e4f74876acc6806ed79ebbcc13d" logic_hash = "092f0ece2dfca3e02493c00afffe48ca4feccf56ab6f22d952a7ba5f115f3765" score = 75 @@ -75992,8 +76129,8 @@ rule ELASTIC_Linux_Generic_Threat_8299C877 : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L1006-L1024" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L1006-L1024" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "60c486049ec82b4fa2e0a53293ae6476216b76e2c23238ef1c723ac0a2ae070c" logic_hash = "3e0653a02517faa3037fc5f3f01f6fb11164fecafc6eca457a122ef2d1a99010" score = 75 
@@ -76021,8 +76158,8 @@ rule ELASTIC_Linux_Generic_Threat_81Aa5579 : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L1026-L1044" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L1026-L1044" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "6be0e2c98ba5255b76c31f689432a9de83a0d76a898c28dbed0ba11354fec6c2" logic_hash = "c94d590daf61217335a72f3e1bc24b09084cf0a5a174c013c5aa97c01707c2bc" score = 75 @@ -76050,8 +76187,8 @@ rule ELASTIC_Linux_Generic_Threat_F2452362 : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L1046-L1065" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L1046-L1065" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "5ff46c27b5823e55f25c9567d687529a24a0d52dea5bc2423b36345782e6b8f6" logic_hash = "95d51077cb7c0f4b089a2e2ee8fcbab204264ade7ddd64fc1ee0176183dc84e0" score = 75 
@@ -76080,8 +76217,8 @@ rule ELASTIC_Linux_Generic_Threat_Da28Eb8B : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L1067-L1086" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L1067-L1086" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "b3b4fcd19d71814d3b4899528ee9c3c2188e4a7a4d8ddb88859b1a6868e8433f" logic_hash = "8b0892d0dd8a012a1f9cd87a0ad3321ae751dd17a96205c12e6648946cf2afe2" score = 75 @@ -76110,8 +76247,8 @@ rule ELASTIC_Linux_Generic_Threat_A40Aaa96 : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L1088-L1108" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L1088-L1108" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "6f965252141084524f85d94169b13938721bce24cc986bf870473566b7cfd81b" logic_hash = "ab05cbf494b3b78083fd3e71703effed797d803b0203f8a413eb69b746656b1d" score = 75 
@@ -76141,8 +76278,8 @@ rule ELASTIC_Linux_Generic_Threat_E24558E1 : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L1110-L1130" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L1110-L1130" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "9f483ddd8971cad4b25bb36a5a0cfb95c35a12c7d5cb9124ef0cfd020da63e99" logic_hash = "f1f33c719a4b41968c137ed43aa0591f97b4558d4dd9bd160df519dfbbc49205" score = 75 @@ -76172,8 +76309,8 @@ rule ELASTIC_Linux_Generic_Threat_Ace836F1 : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L1132-L1150" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L1132-L1150" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "116aaba80e2f303206d0ba84c8c58a4e3e34b70a8ca2717fa9cf1aa414d5ffcc" logic_hash = "c80af9d6f3e4d92cfa53429abbda944069d335fc89421a89e04089d236f5dddf" score = 75 
@@ -76201,8 +76338,8 @@ rule ELASTIC_Linux_Generic_Threat_E9Aef030 : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L1152-L1170" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L1152-L1170" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "5ab72be12cca8275d95a90188a1584d67f95d43a7903987e734002983b5a3925" logic_hash = "1d458e147d6667e2e0740d6d26fee05ac02f49e9eba30002852e723308b1b462" score = 75 @@ -76230,8 +76367,8 @@ rule ELASTIC_Linux_Generic_Threat_A3C5F3Bd : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L1172-L1192" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L1172-L1192" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "8c093bcf3d83545ec442519637c956d2af62193ea6fd2769925cacda54e672b6" logic_hash = "41e66d1f47e7197662aa661ef49ee1f3191fee07a49538dd631ce9cc6fdd56be" score = 75 
@@ -76261,8 +76398,8 @@ rule ELASTIC_Linux_Generic_Threat_3Fa2Df51 : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L1194-L1213" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L1194-L1213" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "89ec224db6b63936e8bc772415d785ef063bfd9343319892e832034696ff6f15" logic_hash = "f43b659dd093a635d9723b2443366763132217aaf28c582ed43f180725f92f19" score = 75 @@ -76291,8 +76428,8 @@ rule ELASTIC_Linux_Generic_Threat_Be02B1C9 : FILE MEMORY date = "2024-05-21" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Generic_Threat.yar#L1215-L1233" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Generic_Threat.yar#L1215-L1233" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "ef6d47ed26f9ac96836f112f1085656cf73fc445c8bacdb737b8be34d8e3bcd2" logic_hash = "a278c3a8033139d84c99a53901526895b154b5ef363fbeed47095889a5fb8d31" score = 75 
@@ -76320,8 +76457,8 @@ rule ELASTIC_Windows_Ransomware_Ransomexx_Fabff49C : FILE MEMORY date = "2021-08-07" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Ransomexx.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Ransomexx.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "480af18104198ad3db1518501ee58f9c4aecd19dbbf2c5dd7694d1d87e9aeac7" logic_hash = "67d5123b706685ea5ab939aec31cb1549297778d91dd38b14e109945c52da71a" score = 75 @@ -76352,8 +76489,8 @@ rule ELASTIC_Linux_Trojan_Shellbot_65Aa6568 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Shellbot.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Shellbot.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "457d1f4e1db41a9bdbfad78a6815f42e45da16ad0252673b9a2b5dcefc02c47b" logic_hash = "46558801151ddc2f25bf46a278719f027acca2a18d2a9fcb275f4d787fbb1f0b" score = 75 
@@ -76381,8 +76518,8 @@ rule ELASTIC_Windows_Vulndriver_Dbutil_Ffe07C79 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_DBUtil.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_DBUtil.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "87e38e7aeaaaa96efe1a74f59fca8371de93544b7af22862eb0e574cec49c7c3" logic_hash = "18b1c93c395b105f446b4c968441e0a43e42b1bd7efcf6501a89eb92cbd21824" score = 75 @@ -76410,8 +76547,8 @@ rule ELASTIC_Windows_Vulndriver_Dbutil_852Ba283 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_DBUtil.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_DBUtil.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "0296e2ce999e67c76352613a718e11516fe1b0efc3ffdb8918fc999dd76a73a5" logic_hash = "78acd081c2517f9c53cb311481c0cc40cc3699b222afc290da1a3698e7bf75b7" score = 75 
@@ -76439,8 +76576,8 @@ rule ELASTIC_Windows_Trojan_Merlin_E8Ecb3Be : FILE MEMORY date = "2022-01-05" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Merlin.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Merlin.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "768c120e63d3960a0842dcc538749955ab7caabaeaf3682f6d1e30666aac65a8" logic_hash = "293158c981463544abd0c38694bfc8635ad1a679bbae115521b65879f145cea6" score = 75 @@ -76468,8 +76605,8 @@ rule ELASTIC_Windows_Vulndriver_Agent64_8Ef48Aeb : FILE date = "2022-07-19" modified = "2022-07-19" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Agent64.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Agent64.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "05f052c64d192cf69a462a5ec16dda0d43ca5d0245900c9fcb9201685a2e7748" hash = "4045ae77859b1dbf13972451972eaaf6f3c97bea423e9e78f1c2f14330cd47ca" logic_hash = "a35f82202507e582e3cbc7018656545fcee1244ec1638a696f0b7c970fd5023c" 
@@ -76503,8 +76640,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_D9E6B88E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "a4ac275275e7be694a200fe6c5c5746256398c109cf54f45220637fe5d9e26ba" logic_hash = "979d2ae62efca0f719ed1db2ff832dc9a0aa0347dcd50ccede29ec35cba6d296" score = 75 @@ -76532,8 +76669,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_30C039E2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "b494ca3b7bae2ab9a5197b81e928baae5b8eac77dfdc7fe1223fee8f27024772" logic_hash = "a9dbfede68a3209b403aa40dbc5b69326c3e1c14259ed6bc6351f0f9412cfce2" score = 75 
@@ -76561,8 +76698,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_C94Eec37 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "294fcdd57fc0a53e2d63b620e85fa65c00942db2163921719d052d341aa2dc30" logic_hash = "39a49e1661ac2ca6a43a56b0bd136976f6d506c0779d862a43ba2c25d6947fee" score = 75 @@ -76590,8 +76727,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_F806D5D9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "5259495788f730a2a3bad7478c1873c8a6296506a778f18bc68e39ce48b979da" logic_hash = "86336f662e3abcf2fe7635155782c549fc9eef514356bf78bfbc3b65192e2d90" score = 75 
@@ -76619,8 +76756,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_0Fa3A6E9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "40a15a186373a062bfb476b37a73c61e1ba84e5fa57282a7f9ec0481860f372a" logic_hash = "970062e909ffe5356b750605f2c44a6e893949bc5bc71be3ea98b16e51629d4d" score = 75 @@ -76648,8 +76785,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_36A98405 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "a57de6cd3468f55b4bfded5f1eed610fdb2cbffbb584660ae000c20663d5b304" logic_hash = "a32d324d1865a7796faefbc2f209e6043008a696929fe7837afbbc770e6f4c74" score = 75 
@@ -76677,8 +76814,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_0C6686B8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "409c55110d392aed1a9ec98a6598fb8da86ab415534c8754aa48e3949e7c4b62" logic_hash = "731bb3f9957e8777040c0b7b316a818f4ee1ca9a113fb9eed24ee61bfc71e11d" score = 75 @@ -76706,8 +76843,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_9Ce5B69F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "ad63fbd15b7de4da0db1b38609b7481253c100e3028c19831a5d5c1926351829" logic_hash = "b9756eb99e59ba3a9a616b391bcf26bda26a6ac0de115460f9ba52129f590764" score = 75 
@@ -76735,8 +76872,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_55A80Ab6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "5259495788f730a2a3bad7478c1873c8a6296506a778f18bc68e39ce48b979da" logic_hash = "1fc29f98e9ea2a5b67d0a88f37813a5e62b5f1d2a26aee74f90e9ead445dc713" score = 75 @@ -76764,8 +76901,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_E98B83Ee : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L181-L199" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L181-L199" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417" logic_hash = "8b16c0fee991ee2143a20998097066a90b1f20060bac7b42e5c3188adcdc7907" score = 75 
@@ -76793,8 +76930,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_8A11F9Be : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L201-L219" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L201-L219" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "1f773d0e00d40eecde9e3ab80438698923a2620036c2fc33315ef95229e98571" logic_hash = "f80dcb3579a76da787e9bb2bfb02ef86e464aec1bea405f02642b8c8902c7663" score = 75 @@ -76822,8 +76959,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_2462067E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L221-L239" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L221-L239" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "3847f1c7c15ce771613079419de3d5e8adc07208e1fefa23f7dd416b532853a1" logic_hash = "cf6c0703f9108f8193e0a9c18ba3d76263527a13fe44e194fa464d399512ae05" score = 75 
@@ -76851,8 +76988,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_0A028640 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L241-L259"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L241-L259"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e36081f0dbd6d523c9378cdd312e117642b0359b545b29a61d8f9027d8c0f2f0"
 logic_hash = "663f110c7214498466759b66a83ff1844f5bf45ce706fa8ad0e8b205cc9c8f72"
 score = 75
@@ -76880,8 +77017,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_6B3974B2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L281-L299"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L281-L299"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2216776ba5c6495d86a13f6a3ce61b655b72a328ca05b3678d1abb7a20829d04"
 logic_hash = "7c44a0abcd51a6b775fc379b592652ebb10faf16c039ca23b20984183340cada"
 score = 75
@@ -76909,8 +77046,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_87Bcb848 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L301-L319"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L301-L319"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "575b0dc887d132aa3983e5712b8f642b03762b0685fbd5a32c104bca72871857"
 logic_hash = "60e8aa7e27ea0bec665075a373ce150c21af4cddfd511b7ec771293126f0006c"
 score = 75
@@ -76938,8 +77075,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_Ad60D7E8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L321-L338"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L321-L338"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "1253a8cd1a5230f1ec1f8c7ecd07f89f28acf5c2aa92395c6cb9e635c16a1e25"
 score = 75
 quality = 73
@@ -76966,8 +77103,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_22646C0D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L340-L358"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L340-L358"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "20439a8fc21a94c194888725fbbb7a7fbeef5faf4b0f704559d89f1cd2e57d9d"
 logic_hash = "548f531429132392f6d9bccff706b56ba87d8e44763116dedca5d0baa5097b92"
 score = 75
@@ -76995,8 +77132,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_019F0E75 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L360-L378"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L360-L378"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "575b0dc887d132aa3983e5712b8f642b03762b0685fbd5a32c104bca72871857"
 logic_hash = "7a63eb94266b04a31ba67165c512e2e060c3e344665aeed748a51943143b2219"
 score = 75
@@ -77024,8 +77161,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_7C545Abf : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L380-L398"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L380-L398"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "95691c7ad1d80f7f1b5541e1d1a1dbeba30a26702a4080d256f14edb75851c5d"
 logic_hash = "fa50ccc4c85417d18a84b7f117f853609c44b17c488a937cdc7495e2d32757f7"
 score = 75
@@ -77053,8 +77190,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_32C0B950 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L400-L418"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L400-L418"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "214c1caf20ceae579476d3bf97f489484df4c5f1c0c44d37ff9b9066072cd83c"
 logic_hash = "db077e5916327ca78fcc9dc35f64e5c497dbbe60c4a0c1eb7abb49c555765681"
 score = 75
@@ -77082,8 +77219,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_Cbf50D9C : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L420-L438"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L420-L438"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b64d0cf4fc4149aa4f63900e61b6739e154d328ea1eb31f4c231016679fc4aa5"
 logic_hash = "331a35fb3ecc54022b1d4d05bd64e7c5c6a7997b06dbea3a36c33ccc0a2f7086"
 score = 75
@@ -77111,8 +77248,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_40C25A06 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L440-L458"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L440-L458"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "61af6bb7be25465e7d469953763be5671f33c197d4b005e4a78227da11ae91e9"
 logic_hash = "38976911ff9e56fae27fad8b9df01063ed703f43c8220b1fbcef7a3945b3f1ad"
 score = 75
@@ -77140,8 +77277,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_35806Adc : FILE MEMORY
 date = "2021-12-13"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L460-L478"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L460-L478"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "15e7942ebf88a51346d3a5975bb1c2d87996799e6255db9e92aed798d279b36b"
 logic_hash = "6e9d3e5c0a33208d1b5f4f84f8634955e70bd63395b367cd1ece67798ce5e502"
 score = 75
@@ -77169,8 +77306,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_D74D7F0C : FILE MEMORY
 date = "2021-12-13"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L480-L498"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L480-L498"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b0a8b2259c00d563aa387d7e1a1f1527405da19bf4741053f5822071699795e2"
 logic_hash = "6f5313fc9e838bd06bd4e797ea7fb448073849dc714ecf18809f94900fa11ca2"
 score = 75
@@ -77198,8 +77335,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_71D31510 : FILE MEMORY
 date = "2021-12-13"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L500-L518"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L500-L518"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "33dd6c0af99455a0ca3908c0117e16a513b39fabbf9c52ba24c7b09226ad8626"
 logic_hash = "18bfe9347faf1811686a61e0ee0de5cef842beb25fb06793947309135c41de89"
 score = 75
@@ -77227,8 +77364,8 @@ rule ELASTIC_Linux_Trojan_Tsunami_97288Af8 : FILE MEMORY
 date = "2021-12-13"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Tsunami.yar#L520-L538"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Tsunami.yar#L520-L538"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c39eb055c5f71ebfd6881ff04e876f49495c0be5560687586fc47bf5faee0c84"
 logic_hash = "c5b521cc887236a189dca419476758cee0f1513a8ad81c94b1ff42e4fe232b8e"
 score = 75
@@ -77256,8 +77393,8 @@ rule ELASTIC_Linux_Exploit_CVE_2021_3490_D369D615 : FILE MEMORY CVE_2021_3490
 date = "2021-11-12"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2021_3490.yar#L1-L30"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2021_3490.yar#L1-L30"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e65ba616942fd1e893e10898d546fe54458debbc42e0d6826aff7a4bb4b2cf19"
 logic_hash = "6fa4b36366d2c255f5ccf0e22a06c7e17df74fddd06963787dbcd713b3e8aca6"
 score = 75
@@ -77296,8 +77433,8 @@ rule ELASTIC_Windows_Trojan_Qbot_D91C1384 : FILE MEMORY
 date = "2021-07-08"
 modified = "2021-08-23"
 reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Qbot.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Qbot.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "18ac3870aaa9aaaf6f4a5c0118daa4b43ad93d71c38bf42cb600db3d786c6dda"
 logic_hash = "8fd8249a2af236c92ccbc20b2a8380f69ca75976bd64bad167828e9ab4c6ed90"
 score = 75
@@ -77325,8 +77462,8 @@ rule ELASTIC_Windows_Trojan_Qbot_7D5Dc64A : FILE MEMORY
 date = "2021-10-04"
 modified = "2022-01-13"
 reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Qbot.yar#L22-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Qbot.yar#L22-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a2bacde7210d88675564106406d9c2f3b738e2b1993737cb8bf621b78a9ebf56"
 logic_hash = "5c8858502050494ab20a230f04c2c1cb4bfcd80f4a248dad82787d7ce67c741d"
 score = 75
@@ -77355,8 +77492,8 @@ rule ELASTIC_Windows_Trojan_Qbot_6Fd34691 : FILE MEMORY
 date = "2022-03-07"
 modified = "2022-04-12"
 reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Qbot.yar#L44-L64"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Qbot.yar#L44-L64"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0838cd11d6f504203ea98f78cac8f066eb2096a2af16d27fb9903484e7e6a689"
 logic_hash = "9422d9f276f0c8c2990ece3282d918abc6fcce7eeb6809d46ae6b768a501a877"
 score = 75
@@ -77385,8 +77522,8 @@ rule ELASTIC_Windows_Trojan_Qbot_3074A8D4 : FILE MEMORY
 date = "2022-06-07"
 modified = "2022-07-18"
 reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Qbot.yar#L66-L97"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Qbot.yar#L66-L97"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c2ba065654f13612ae63bca7f972ea91c6fe97291caeaaa3a28a180fb1912b3a"
 logic_hash = "90c06bd09fe640bb5a6be8e4f2384fb15c7501674d57db005e790ed336740c99"
 score = 75
@@ -77426,8 +77563,8 @@ rule ELASTIC_Windows_Trojan_Qbot_1Ac22A26 : FILE MEMORY
 date = "2022-12-29"
 modified = "2023-02-01"
 reference = "https://www.elastic.co/security-labs/exploring-the-qbot-attack-pattern"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Qbot.yar#L99-L136"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Qbot.yar#L99-L136"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c2ba065654f13612ae63bca7f972ea91c6fe97291caeaaa3a28a180fb1912b3a"
 logic_hash = "d9beaf4a8c28a0b3c38dda6bf22a96b8c96ef715bd36de880504a9f970338fe2"
 score = 75
@@ -77473,8 +77610,8 @@ rule ELASTIC_Linux_Exploit_CVE_2009_2698_12374E97 : FILE MEMORY CVE_2009_2698
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2009_2698.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2009_2698.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "656fddc1bf4743a08a455628b6151076b81e604ff49c93d797fa49b1f7d09c2f"
 logic_hash = "ed86a239b909681f2ab3503cfedf202dbe5f53a6f554cf4db13f08bee625c0b7"
 score = 75
@@ -77502,8 +77639,8 @@ rule ELASTIC_Linux_Exploit_CVE_2009_2698_Cc04Dddd : FILE MEMORY CVE_2009_2698
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2009_2698.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2009_2698.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "502b73ea04095e8a7ec4e8d7cc306242b45850ad28690156754beac8cd8d7b2d"
 logic_hash = "68daa56ca98cc8f713faa138432190d19c27f07b2182a1f82347a3bfc5821ebb"
 score = 75
@@ -77531,8 +77668,8 @@ rule ELASTIC_Windows_Hacktool_Cheatengine_Fedac96D : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_CheatEngine.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_CheatEngine.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b20b339a7b61dc7dbc9a36c45492ba9654a8b8a7c8cbc202ed1dfed427cfd799"
 logic_hash = "426b6d388f86dd935d8165af0fb7c8491c987542755ec4c7c53a35a9003f8680"
 score = 75
@@ -77561,8 +77698,8 @@ rule ELASTIC_Windows_Vulndriver_Powertool_044A8645 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_PowerTool.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_PowerTool.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1aaa9aef39cb3c0a854ecb4ca7d3b213458f302025e0ec5bfbdef973cca9111c"
 logic_hash = "b21c16cb72d003c505aa0ac4cc21b92513a100bad6870460090994c02cad875a"
 score = 75
@@ -77591,8 +77728,8 @@ rule ELASTIC_Windows_Trojan_Svcready_Af498D39 : FILE MEMORY
 date = "2022-06-12"
 modified = "2022-07-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_SVCReady.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_SVCReady.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "08e427c92010a8a282c894cf5a77a874e09c08e283a66f1905c131871cc4d273"
 logic_hash = "e3520103064cf82cd1747f8889667929d23466c9febfda7e4968a3679db97d71"
 score = 75
@@ -77624,8 +77761,8 @@ rule ELASTIC_Windows_Vulndriver_Tmcomm_333F3851 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_TmComm.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_TmComm.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "cc687fe3741bbde1dd142eac0ef59fd1d4457daee43cdde23bb162ef28d04e64"
 logic_hash = "a4464fb7edbacb6d9c8d6b385f9cc28685f0bed40876eecd5a7c87e0707e3025"
 score = 75
@@ -77655,8 +77792,8 @@ rule ELASTIC_Windows_Trojan_Powerseal_D63F5E54 : FILE MEMORY
 date = "2023-03-16"
 modified = "2023-05-26"
 reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_PowerSeal.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_PowerSeal.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "523dcff68a51ea8fb022066b5f09394e8174d6c157222a08100de30669898057"
 score = 75
 quality = 75
@@ -77686,8 +77823,8 @@ rule ELASTIC_Windows_Trojan_Powerseal_2E50F393 : FILE MEMORY
 date = "2023-05-10"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_PowerSeal.yar#L24-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_PowerSeal.yar#L24-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "3ca1d4568fea7b2e4e9d30ba03662a2c28ee8623d887a0336e27989b5c98b55f"
 score = 75
 quality = 75
@@ -77716,8 +77853,8 @@ rule ELASTIC_Multi_Attacksimulation_Blindspot_D93F54C5 : FILE MEMORY
 date = "2022-05-23"
 modified = "2022-08-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Multi_AttackSimulation_Blindspot.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Multi_AttackSimulation_Blindspot.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "41984a0ad20ab21186252bb2f3f68604d2cbeea0e1ce22895dd163f7acbf2ca1"
 score = 75
 quality = 75
@@ -77744,8 +77881,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_D7Bd0E5D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "afcfd67af99e437f553029ccf97b91ed0ca891f9bcc01c148c2b38c75482d671"
 logic_hash = "1f87721fdfe58d029c0696bc99385a0052c771bc48b2c9ce01b72c3e42359654"
 score = 75
@@ -77773,8 +77910,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_69E1A763 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b04d9fabd1e8fc42d1fa8e90a3299a3c36e6f05d858dfbed9f5e90a84b68bcbb"
 logic_hash = "d0dac8e2c9571d9e622c8c1250a54a7671ad1b9b00dba584c3741b714c22d8e0"
 score = 75
@@ -77802,8 +77939,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_397A86Bd : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "79c47a80ecc6e0f5f87749319f6d5d6a3f0fbff7c34082d747155b9b20510cde"
 logic_hash = "6b46a82d1aea0357f5a48c9ae1d93e3d4d31bd98b9c9b4e0b0d0629e7f159499"
 score = 75
@@ -77831,8 +77968,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_37C3F8D3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "efbddf1020d0845b7a524da357893730981b9ee65a90e54976d7289d46d0ffd4"
 logic_hash = "e7bdd185ea4227b0960c3e677e7d8ac7488d53eaa77efd631be828b2ca079bb8"
 score = 75
@@ -77860,8 +77997,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_28A80546 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "96cc225cf20240592e1dcc8a13a69f2f97637ed8bc89e30a78b8b2423991d850"
 logic_hash = "120e9f7cad0fc8aebd843374c0edca8cbb701882ab55a7f24aced1d80d8cd697"
 score = 75
@@ -77889,8 +78026,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_9D531F70 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "36f2ce4e34faf42741f0a15f62e8b3477d69193bf289818e22d0e3ee3e906eb0"
 logic_hash = "87d3cb7049975d52f2a6d6aa10e6b6d0d008d166ca5f9889ad1413a573d8b58e"
 score = 75
@@ -77918,8 +78055,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_23A5C29A : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1320d7a2b5e3b65fe974a95374b4ea7ed1a5aa27d76cd3d9517d3a271121103f"
 logic_hash = "c2608e7ee73102e0737a859a18c5482877c6dc0e597d8a14d8d41f5e01a0b1f4"
 score = 75
@@ -77947,8 +78084,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_Ea5703Ce : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L141-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L141-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "bec6eea63025e2afa5940d27ead403bfda3a7b95caac979079cabef88af5ee0b"
 logic_hash = "bbf0191ecff24fd24376fd3dec2e96644188ca4d26b4ca4f087e212bae2eab85"
 score = 75
@@ -77976,8 +78113,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_6A4F4255 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L161-L179"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L161-L179"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8cfc38db2b860efcce5da40ce1e3992f467ab0b7491639d68d530b79529cda80"
 logic_hash = "133290dc7423174bb3b41b152bab038d118b47baaca52705b66fd9be01692a03"
 score = 75
@@ -78005,8 +78142,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_9088D00B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L181-L199"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L181-L199"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8abb2b058ec475b0b6fd0c994685db72e98d87ee3eec58e29cf5c324672df04a"
 logic_hash = "3ebc8cb6d647138e72194528dafc644c90222440855d657ec50109f11ff936da"
 score = 75
@@ -78034,8 +78171,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_71024C4A : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L201-L219"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L201-L219"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "afe81c84dcb693326ee207ccd8aeed6ed62603ad3c8d361e8d75035f6ce7c80f"
 logic_hash = "0c66a3388fe8546ae180e52d50ef05a28755d24e47b3b56f390d5c6fcb0b89eb"
 score = 75
@@ -78063,8 +78200,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_D81368A3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L221-L239"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L221-L239"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "71225e4702f2e0a0ecf79f7ec6c6a1efc95caf665fda93a646519f6f5744990b"
 logic_hash = "0e30c9ebd8f2d3a489180f114daf91a3655ce9075ae25ea3d6ef5be472d7721a"
 score = 75
@@ -78092,8 +78229,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_97E9Cebe : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L241-L259"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L241-L259"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b4ff62d92bd4d423379f26b37530776b3f4d927cc8a22bd9504ef6f457de4b7a"
 logic_hash = "8aad31db2646fb9971b9af886e30f6c5a62a9c7de86cb9dc9e1341ac3b7762eb"
 score = 75
@@ -78121,8 +78258,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_98Ff0F36 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L261-L279"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L261-L279"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4c14aaf05149bb38bbff041432bf9574dd38e851038638aeb121b464a1e60dcc"
 logic_hash = "60f17855b08cfc51e497003cbb5ed25d9168fb29c57d8bfd7105b9b5e714e3a1"
 score = 75
@@ -78150,8 +78287,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_1512Cf40 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L281-L299"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L281-L299"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "fc063a0e763894e86cdfcd2b1c73d588ae6ecb411c97df2a7a802cd85ee3f46d"
 logic_hash = "0d43e6a4bd5036c2b6adb61f2d7b11e625c20e9a3d29242c7c34cfc7708561be"
 score = 75
@@ -78179,8 +78316,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_0D6005A1 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L301-L319"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L301-L319"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "230d46b39b036552e8ca6525a0d2f7faadbf4246cdb5e0ac9a8569584ef295d4"
 logic_hash = "c3fd32e7582f0900b94fe3ba6b6bcdf238f78e2e343d70d5b0196a968a41cf26"
 score = 75
@@ -78208,8 +78345,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E1Ff020A : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L321-L339"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L321-L339"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5b611898f1605751a3d518173b5b3d4864b4bb4d1f8d9064cc90ad836dd61812"
 logic_hash = "be801989b9770f3b70217bd5f13795b5dd0b516209f631d900b6647e0afe8d98"
 score = 75
@@ -78237,8 +78374,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_102D6F7C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L341-L359"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L341-L359"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "bd40c2fbf775e3c8cb4de4a1c7c02bc4bcfa5b459855b2e5f1a8ab40f2fb1f9e"
 logic_hash = "52966eaaef5522e711dc89bd796b1e12019a8485ee789e8d5112d86f7e630170"
 score = 75
@@ -78266,8 +78403,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_9C8F3B1A : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L361-L379"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L361-L379"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "74d8344139c5deea854d8f82970e06fc6a51a6bf845e763de603bde7b8aa80ac"
 logic_hash = "f7ab9990b417c1c81903dcb7adaae910d20ea7fce6689d4846dd6002bea3e721"
 score = 75
@@ -78295,8 +78432,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_76Cb94A9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L381-L399"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L381-L399"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1320d7a2b5e3b65fe974a95374b4ea7ed1a5aa27d76cd3d9517d3a271121103f"
 logic_hash = "758ee41048c94576e7a872bfdacc6b6f2be3d460169905c876585037e11fdaa8"
 score = 75
@@ -78324,8 +78461,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_616Afaa1 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L401-L419"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L401-L419"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0901672d2688660baa26fdaac05082c9e199c06337871d2ae40f369f5d575f71"
 logic_hash = "53a309a6a274558e4ae8cfa8f3e258f23dc9ceafab3be46351c00d24f5d790ec"
 score = 75
@@ -78353,8 +78490,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_18Af74B2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L421-L439"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L421-L439"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "52707aa413c488693da32bf2705d4ac702af34faee3f605b207db55cdcc66318"
 logic_hash = "d8ec9bd01fcabdd4a80e07287ecc85026007672bbc3cd2d4cbb2aef98da88ed5"
 score = 75
@@ -78382,8 +78519,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_1B76C066 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L441-L459"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L441-L459"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f60302de1a0e756e3af9da2547a28da5f57864191f448e341af1911d64e5bc8b"
 logic_hash = "be239bc14d1adf05a5c6bf2b2557551566330644a049b256a7a5c0ab9549bd06"
 score = 75
@@ -78411,8 +78548,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_B6Ea5Ee1 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L461-L479"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L461-L479"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "19b442c9aa229cd724ed9cbaa73f9dfaf0ed61aa3fd1bee7bf8ba964fc23a2b8"
 logic_hash = "529119e07aa0243afddc3141dc441c314c3f75bdf3aee473b8bb7749c95fa78a"
 score = 75
@@ -78440,8 +78577,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_050Ac14C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L481-L499"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L481-L499"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "36f2ce4e34faf42741f0a15f62e8b3477d69193bf289818e22d0e3ee3e906eb0"
 logic_hash = "c34b0ff3ce867a76ef57fad7642de7916fa7baebf1a2a8d514f7b74be7231fd4"
 score = 75
@@ -78469,8 +78606,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_Df937Caa : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L501-L519"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L501-L519"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "19b442c9aa229cd724ed9cbaa73f9dfaf0ed61aa3fd1bee7bf8ba964fc23a2b8"
 logic_hash = "d76a6008576687088f28674fb752e1a79ad2046e0208a65c21d0fcd284812ad8"
 score = 75
@@ -78498,8 +78635,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E9Ff82A8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L521-L539"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L521-L539"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "62ea137e42ce32680066693f02f57a0fb03483f78c365dffcebc1f992bb49c7a"
 logic_hash = "9309aaad6643fa212bb04ce8dc7d24978839fe475f17d36e3b692320563b6fad"
 score = 75
@@ -78527,8 +78664,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_A5267Ea3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L541-L559"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L541-L559"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b342ceeef58b3eeb7a312038622bcce4d76fc112b9925379566b24f45390be7d"
 logic_hash = "081633b5aa0490dbffcc0b8ab9850b59dbbd67d947c0fe68d28338a352e94676"
 score = 75
@@ -78556,8 +78693,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_4E9075E6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L561-L579"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L561-L579"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "098bf2f1ce9d7f125e1c9618f349ae798a987316e95345c037a744964277f0fe"
 logic_hash = "fe117f65666b9eac19fa588ee631f9be7551a3a9e3695b7ecbb77806658678aa"
 score = 75
@@ -78585,8 +78722,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_3A8D0974 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "193fe9ea690759f8e155458ef8f8e9efe9efc8c22ec8073bbb760e4f96b5aef7"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L581-L599"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L581-L599"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "7039d461d8339d635a543fae2c6dbea284ce1b727d6585b69d8d621c603f37ac"
 score = 75
 quality = 75
@@ -78613,8 +78750,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_B9E6Ffdf : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L601-L619"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L601-L619"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c0f3200a93f1be4589eec562c4f688e379e687d09c03d1d8850cc4b5f90f192a"
 logic_hash = "57d5b3eb5812a849d04695bdb1fb728a5ebd3bf5201ac3e7f36d37af0622eec2"
 score = 75
@@ -78642,8 +78779,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_7Ef74003 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L621-L639"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L621-L639"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a172cfecdec8ebd365603ae094a16e247846fdbb47ba7fd79564091b7e8942a0"
 logic_hash = "1bde07dbb88357fcc02171512725be94d9fc0427c03afb2d59fbd0658c5d8e2e"
 score = 75
@@ -78671,8 +78808,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_1D0700B8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L641-L659"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L641-L659"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "de59bee1793b88e7b48b6278a52e579770f5204e92042142cc3a9b2d683798dd"
 logic_hash = "a24264cb071d269c82718aed5bc5c6c955e1cb2c7a63fe74d4033bfa6adf8385"
 score = 75
@@ -78700,8 +78837,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_55Beb2Ee : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L661-L679"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L661-L679"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "edda1c6b3395e7f14dd201095c1e9303968d02c127ff9bf6c76af6b3d02e80ad"
 logic_hash = "8a31b4866100b35d559d50f5db6f80d51bced93f9aac3f0d2d1de71ba692a3c5"
 score = 75
@@ -78729,8 +78866,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_Fdd7340F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L681-L699"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L681-L699"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "de59bee1793b88e7b48b6278a52e579770f5204e92042142cc3a9b2d683798dd"
 logic_hash = "fd39ba5cf050d23de0889feefa9cd74dfb6385a09aa9dba90dc1d5d6cb020867"
 score = 75
@@ -78758,8 +78895,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_2627921E : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L701-L719"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L701-L719"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "350a8ceabd8495e66cc58885f1ab38f602c66c162c05e4b6ae0e2a7977ec2cdf"
 logic_hash = "edb2864719d62ab212bde1adf02dd17c8edc8ce4ae273b959e58a3eaf751fd7c"
 score = 75
@@ -78787,8 +78924,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E36A35B0 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L721-L739"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L721-L739"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ab6d8f09df67a86fed4faabe4127cc65570dbb9ec56a1bdc484e72b72476f5a4"
 logic_hash = "0572f584746a2af6f545798b25445fd4e764a9eecc01b7476e5c1af631eb314a"
 score = 75
@@ -78816,8 +78953,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_6Dad0380 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L741-L759"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L741-L759"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "628b1cc8ccdbe2ae0d4ef621da047e07e2532d00fe3d4da65f0a0bcab20fb546"
 logic_hash = "b305448d5517212adb7586e7af12842095e1a263520511329e40f0865fe4f81b"
 score = 75
@@ -78845,8 +78982,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E73F501E : FILE MEMORY
 date = "2021-12-13"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L761-L779"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L761-L779"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2f646ced4d05ba1807f8e08a46ae92ae3eea7199e4a58daf27f9bd0f63108266"
 logic_hash = "2f6187f3447f9409485e9e8aa047114aa3c38bcc338106c3ed8680152dff121a"
 score = 75
@@ -78874,8 +79011,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_5E56D076 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L781-L799"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L781-L799"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "32e1cb0369803f817a0c61f25ca410774b4f37882cab966133b4f3e9c74fac09"
 logic_hash = "c8e2ebcffe8a169c2cc311c95538b674937fa87e06d2946a6ed3b0c1f039f7fc"
 score = 75
@@ -78903,8 +79040,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_54357231 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L801-L819"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L801-L819"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "388b927b850b388e0a46a6c9a22b733d469e0f93dc053ebd78996e903b25e38a"
 logic_hash = "a895c9fd124d6bd55748093c3ef54606e5692285260aa21bd70dca02126239d2"
 score = 75
@@ -78932,8 +79069,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_467C4D46 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L821-L839"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L821-L839"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "388b927b850b388e0a46a6c9a22b733d469e0f93dc053ebd78996e903b25e38a"
 logic_hash = "b28f871365c1fa6315b1c2fc6698bdd224961972cd578db05c311406c239ac22"
 score = 75
@@ -78961,8 +79098,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_E0Cca9Dc : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L841-L859"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L841-L859"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "59a1d8aa677739f2edbb8bd34f566b31f19d729b0a115fef2eac8ab1d1acc383"
 logic_hash = "fa4089f74fc78e99427b4e8eda9f8348e042dc876c7281a4a2173c83076bfbd2"
 score = 75
@@ -78990,8 +79127,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_36E404E2 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L861-L879"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L861-L879"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "59a1d8aa677739f2edbb8bd34f566b31f19d729b0a115fef2eac8ab1d1acc383"
 logic_hash = "d38cc5714721c0b00cfa47cb9828fd76ff57ec8180e5cfe1fec67a092dd87904"
 score = 75
@@ -79019,8 +79156,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_947Dcc5E : FILE MEMORY
 date = "2024-04-19"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L881-L899"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L881-L899"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7c5a6ac425abe60e8ea5df5dfa8211a7c34a307048b4e677336b735237dcd8fd"
 logic_hash = "c4aac006561386fbfe0fa0fe3df6b6798d2915a3dbfb5384583ebf9b2f413115"
 score = 75
@@ -79048,8 +79185,8 @@ rule ELASTIC_Linux_Cryptominer_Generic_B4C2D007 : FILE MEMORY
 date = "2024-04-19"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Generic.yar#L901-L919"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Generic.yar#L901-L919"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e1e518ba226d30869e404b92bfa810bae27c8b1476766934961e80c44e39c738"
 logic_hash = "cb52d9233028918210b8bd3959a6649d75b5c6873befff0cf62d9e71dfecc302"
 score = 75
@@ -79077,8 +79214,8 @@ rule ELASTIC_Windows_Shellcode_Rdi_Edc62A10 : FILE MEMORY
 date = "2023-06-23"
 modified = "2023-07-10"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Shellcode_Rdi.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Shellcode_Rdi.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "64485ffc283e981c8b77db5a675c7ba2a04d3effaced522531185aa46eb6a36b"
 logic_hash = "986cb6c28d2d9767a2fd084fdd71edb7a1c36e78ddedf3c562076cf6f5b5afd1"
 score = 75
@@ -79106,8 +79243,8 @@ rule ELASTIC_Windows_Shellcode_Rdi_Eee75D2C : FILE MEMORY
 date = "2023-08-25"
 modified = "2023-11-02"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Shellcode_Rdi.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Shellcode_Rdi.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8c4de69e89dcc659d2fff52d695764f1efd7e64e0a80983ce6d0cb9eeddb806c"
 logic_hash = "18cd9be4af210686872610f832ac0ad58a48588a1226fc6093348ceb8371c6b4"
 score = 75
@@ -79135,8 +79272,8 @@ rule ELASTIC_Windows_Trojan_Cryptbot_489A6562 : FILE MEMORY
 date = "2021-08-18"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Cryptbot.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Cryptbot.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "423563995910af04cb2c4136bf50607fc26977dfa043a84433e8bd64b3315110"
 logic_hash = "7fee3cc67419e66de790ba2ad8c3102425b3a45bdfe31801758dd38021a8439b"
 score = 75
@@ -79168,8 +79305,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_52A15A93 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mobidash.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mobidash.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083"
 logic_hash = "ceaf5b06108baa6043e31010d777099ed6ac9b4054e86d41309bd7c2b0ffda11"
 score = 75
@@ -79197,8 +79334,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_D0Ad9C82 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mobidash.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mobidash.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083"
 logic_hash = "8351cb61f5b712c65962e734a7c29271fa4805720e14b6badc9bc1c0364778f8"
 score = 75
@@ -79226,8 +79363,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_E2C89606 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mobidash.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mobidash.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083"
 logic_hash = "64cb8d8ec04a53f663b216208279afba3c10f148fe99822f9a45100a4f73ed28"
 score = 75
@@ -79255,8 +79392,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_82B4E3F3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mobidash.yar#L61-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mobidash.yar#L61-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "8c91f85bc807605a3233d28a5eb8b6e1cf847fb288cbc4427e86226eed7a2055"
 score = 75
 quality = 75
@@ -79283,8 +79420,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_601352Dc : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mobidash.yar#L80-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mobidash.yar#L80-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5714e130075f4780e025fb3810f58a63e618659ac34d12abe211a1b6f2f80269"
 logic_hash = "adeeea73b711fc867b88775c06a14011380118ed85691660ba771381e51160e3"
 score = 75
@@ -79312,8 +79449,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_Ddca1181 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mobidash.yar#L100-L117"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mobidash.yar#L100-L117"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "076d4ac69f6bc29975b22e19d429c25ef357443ec8fcaf5165e0a8069112af74"
 score = 75
 quality = 75
@@ -79340,8 +79477,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_65E666C0 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mobidash.yar#L119-L137"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mobidash.yar#L119-L137"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "19f9b5382d3e8e604be321aefd47cb72c2337a170403613b853307c266d065dd"
 logic_hash = "2d2bec8f89986b19bf1c806b6654405ac6523f49aeafd759b7631d9587d780c8"
 score = 75
@@ -79369,8 +79506,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_494D5B0F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mobidash.yar#L139-L157"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mobidash.yar#L139-L157"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7e08df5279f4d22f1f27553946b0dadd60bb8242d522a8dceb45ab7636433c2f"
 logic_hash = "6ddb94f9f44fe749a442592d491343a99bd870ea2d79596631d857516425e72b"
 score = 75
@@ -79398,8 +79535,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_Bb4F7F39 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mobidash.yar#L159-L177"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mobidash.yar#L159-L177"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083"
 logic_hash = "33e8fcbb29cc38b4a8365845eb3a1488e13be964f7383b28a158a98fb259acb4"
 score = 75
@@ -79427,8 +79564,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_8679E1Cb : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mobidash.yar#L179-L196"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mobidash.yar#L179-L196"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "6055ac4800397f6582e60cdf15fa74584986e1e7cf49a541b0ec746445834819"
 score = 75
 quality = 75
@@ -79455,8 +79592,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_29B86E6A : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mobidash.yar#L198-L215"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mobidash.yar#L198-L215"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "dd5f44249cc4c91f39a0e7d0b236ebeed8f78d5fcb03c7ebc80ef1c738b18336"
 score = 75
 quality = 75
@@ -79483,8 +79620,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_E3086563 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mobidash.yar#L217-L235"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mobidash.yar#L217-L235"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083"
 logic_hash = "5545f7ce8fa45dc56bc4bb5140ce1db527997dfaa1dd2bbb1e4a12af45300065"
 score = 75
@@ -79512,8 +79649,8 @@ rule ELASTIC_Linux_Trojan_Mobidash_2F114992 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mobidash.yar#L237-L255"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mobidash.yar#L237-L255"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6694640e7df5308a969ef40f86393a65febe51639069cb7eaa5650f62c1f4083"
 logic_hash = "f93fe72e08c8ec135cccc8cdab2ecedbb694e9ad39f2572d060864bb3290e25c"
 score = 75
@@ -79541,8 +79678,8 @@ rule ELASTIC_Linux_Trojan_Mumblehard_523450Aa : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mumblehard.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mumblehard.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a637ea8f070e1edf2c9c81450e83934c177696171b24b4dff32dfb23cefa56d3"
 logic_hash = "60b4cc388975ce030e03c5c3a48adcfeec25299105206909163f20100fbf45d8"
 score = 75
@@ -79570,8 +79707,8 @@ rule ELASTIC_Windows_Hacktool_Netfilter_E8243Dae : FILE
 date = "2022-04-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_NetFilter.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_NetFilter.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "760be95d4c04b10df89a78414facf91c0961020e80561eee6e2cb94b43b76510"
 logic_hash = "c551bd87e73f980d8836b13449490de5e639d768b72d9006d90969f3140b28e2"
 score = 75
@@ -79599,8 +79736,8 @@ rule ELASTIC_Windows_Hacktool_Netfilter_Dd576D28 : FILE
 date = "2022-04-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_NetFilter.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_NetFilter.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "88cfe6d7c81d0064045c4198d6ec7d3c50dc3ec8e36e053456ed1b50fc8c23bf"
 logic_hash = "7635ed94ca77c7705df4d2a9c5546ece86bf831b5bf5355943419174e0387b86"
 score = 75
@@ -79628,8 +79765,8 @@ rule ELASTIC_Windows_Hacktool_Netfilter_B4F2A520 : FILE
 date = "2022-04-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_NetFilter.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_NetFilter.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5d0d5373c5e52c4405f4bd963413e6ef3490b7c4c919ec2d4e3fb92e91f397a0"
 logic_hash = "520d2194593f1622a3b905fe182a0773447a4eee3472e7701cce977f5bf4fbae"
 score = 75
@@ -79657,8 +79794,8 @@ rule ELASTIC_Windows_Hacktool_Netfilter_1Cae6E26 : FILE
 date = "2022-04-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_NetFilter.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_NetFilter.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e2ec3b2a93c473d88bfdf2deb1969d15ab61737acc1ee8e08234bc5513ee87ea"
 logic_hash = "29c0edc03934e6e7275c3870a8808e03ec85dacb1f54e10efca3123d2257db98"
 score = 75
@@ -79686,8 +79823,8 @@ rule ELASTIC_Windows_Hacktool_Sharplaps_381C3F40 : FILE MEMORY
 date = "2022-12-22"
 modified = "2022-12-22"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_SharpLAPS.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_SharpLAPS.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ef0d508b3051fe6f99ba55202a17237f29fdbc0085e3f5c99b1aef52c8ebe425"
 logic_hash = "d94f9e4200a63283346919c121873130ad90e4ad5979c017cb71dc0cc910a64a"
 score = 75
@@ -79722,8 +79859,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_364F3B7B : FILE MEMORY CVE_2016_5195
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0d4c43bf0cdd6486a4bcab988517e58b8c15d276f41600e596ecc28b0b728e69"
 logic_hash = "5950195453232e4752b58c9e466c4df1b5ca2b22d5325730de69cd4178438aa7"
 score = 75
@@ -79751,8 +79888,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_3A2Ed31B : FILE MEMORY CVE_2016_5195
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ebbf3bc39ec661e2029d88960a5608e348de92089099019348bc0e891841690f"
 logic_hash = "30cd10e38cbda719d9c344efd813e9a19e738a5251e3622957c8349e94366a29"
 score = 75
@@ -79780,8 +79917,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_7448814C : FILE MEMORY CVE_2016_5195
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e95d0783b635e34743109d090af17aef2e507e8c90060d171e71d9ac79e083ba"
 logic_hash = "0024b2cc22bf6c2dfc3b73ba91080cea8d502659db38d94b19338382e2fc0c84"
 score = 75
@@ -79809,8 +79946,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_2Fa988E3 : FILE MEMORY CVE_2016_5195
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "679392e78d4abefc05b885e43aaccc2da235bd7f2a267c6ecfbe2cf824776993"
 logic_hash = "55c3992ca62ebaf8d45aff818d3261838d239f2004125689ea81edca2cfa59c2"
 score = 75
@@ -79838,8 +79975,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Ea8801Ac : FILE MEMORY CVE_2016_5195
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7acccfd8c2e5555a3e3bf979ad2314c12a939c1ef32b66e61e30a712f07164fd"
 logic_hash = "00a7f71a0559f937ace15465059147839598897467db6176040882d86111bcd2"
 score = 75
@@ -79867,8 +80004,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_B2Ebdebd : FILE MEMORY CVE_2016_5195
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "dee49d4b7f406fd1728dad4dc217484ced2586e014e2cd265ea64eff70a2633d"
 logic_hash = "a9d6ffa65b503f9aa13a0054fa92e346c86585418b6b72131efc00340f8ec224"
 score = 75
@@ -79896,8 +80033,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_9190D516 : FILE MEMORY CVE_2016_5195
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "837ffed1f23293dc9c7cb994601488fc121751a249ffde51326947c33c5fca7f"
 logic_hash = "370248d2b6bb625d65f160b62f1b4a7d2809f3fedfb98a009b19dab61f0ba57e"
 score = 75
@@ -79925,8 +80062,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_3B460716 : FILE MEMORY CVE_2016_5195
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L141-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L141-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8c4d49d4881ebdab1bd0e083d4e644cfc8eb7af3b96664598526ab3d175fc420"
 logic_hash = "759e08c9e3405d841aa467c3343cfac01fed9e9d86aca90139d0eae8855942e5"
 score = 75
@@ -79954,8 +80091,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Ccfd7518 : FILE MEMORY CVE_2016_5195
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L161-L179"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L161-L179"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b1017db71cf195aa565c57fed91ff1cdfcce344dc76526256d5817018f1351bf"
 logic_hash = "02720152af167f1a7e5707f97aa920c6d955458df58d8ef0d9eba868da6a16af"
 score = 75
@@ -79983,8 +80120,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_D41C2C63 : FILE MEMORY CVE_2016_5195
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L181-L199"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L181-L199"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a4e5751b4e8fa2e9b70e1e234f435a03290c414f9547dc7709ce2ee4263a35f1"
 logic_hash = "c9460cfc2b6d686145be9afd3ed670619f04c7155b03caa193222cba8405160d"
 score = 75
@@ -80012,8 +80149,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Ffa7F059 : FILE MEMORY CVE_2016_5195
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L201-L219"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L201-L219"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a073c6be047ea7b4500b1ffdc8bdadd9a06f9efccd38c88e0fc976b97b2b2df5"
 logic_hash = "b558066b80232ceb32c625f49a0ddeccd4b3bc52e664e5a72f2aa7361bcec352"
 score = 75
@@ -80041,8 +80178,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Fb24C7E4 : FILE MEMORY CVE_2016_5195
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L221-L239"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L221-L239"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a073c6be047ea7b4500b1ffdc8bdadd9a06f9efccd38c88e0fc976b97b2b2df5"
 logic_hash = "17a2a628f2d1fa088a1e0c5b2ad3f08e24b8504033b328c944b9ae83a5d12fcc"
 score = 75
@@ -80070,8 +80207,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_B45098Df : FILE MEMORY CVE_2016_5195
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L241-L259"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L241-L259"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e053aca86570b3781b3e08daab51382712270d2a375257c8b5789d3d87149314"
 logic_hash = "4622551b73a12c5399df1f4e052ce32b4cee04486a870bc92942c8597dcad1f7"
 score = 75
@@ -80099,8 +80236,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_9C67A994 : FILE MEMORY CVE_2016_5195
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L261-L279"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L261-L279"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "70429d67402a43ed801e295b1ae1757e4fccd5d786c09ee054591ae51dfc1b25"
 logic_hash = "742ce59fadefe242ca97d8ce603976fa8b5e1ba55ede38434c04dcd6f4891712"
 score = 75
@@ -80128,8 +80265,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_Ab87C1Ed : FILE MEMORY CVE_2016_5195
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L281-L299"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L281-L299"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c13c32d3a14cbc9c2580b1c76625cce8d48c5ae683230149a3f41640655e7f28"
 logic_hash = "737f5ff982d2b656918ad3258ca20bce2ec416f2af743335b9a87a86f78be810"
 score = 75
@@ -80157,8 +80294,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_5195_F1C0482A : FILE MEMORY CVE_2016_5195
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L301-L319"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2016_5195.yar#L301-L319"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a12a1e8253ee1244b018fd3bdcb6b7729dfe16e06aed470f6b08344a110a4061"
 logic_hash = "084ba60d8464ef5bf3a3aa942bb88caf447c6cee3ebf023157bd261226057663"
 score = 75
@@ -80186,8 +80323,8 @@ rule ELASTIC_Windows_Trojan_Beam_E41B243A : FILE MEMORY
 date = "2021-12-07"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Beam.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Beam.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "233a1f1dcbb679d31dab7744358b434cccabfc752baf53ba991388ced098f7c8"
 logic_hash = "295837743ecfa51e1713d19cba24ff8885c8716201caac058ae8b2bc9e008e6c"
 score = 75
@@ -80218,8 +80355,8 @@ rule ELASTIC_Windows_Trojan_Beam_5A951D13 : FILE MEMORY
 date = "2021-12-07"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Beam.yar#L24-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Beam.yar#L24-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "233a1f1dcbb679d31dab7744358b434cccabfc752baf53ba991388ced098f7c8"
 logic_hash = "3419b649717b69f07334bd966f438dd0b77f03572fe14f4b88ce95a2a86cae07"
 score = 75
@@ -80247,8 +80384,8 @@ rule ELASTIC_Windows_Trojan_Onlylogger_B9E88336 : FILE MEMORY
 date = "2022-03-22"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_OnlyLogger.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_OnlyLogger.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "69876ee4d89ba68ee86f1a4eaf0a7cb51a012752e14c952a177cd5ffd8190986"
 logic_hash = "b8d1c4c1e33fc0b54a62f82b8f53c9a1b051ad8c2f578d2a43f504158d1d9247"
 score = 75
@@ -80279,8 +80416,8 @@ rule ELASTIC_Windows_Trojan_Onlylogger_Ec14D5F2 : FILE MEMORY
 date = "2022-03-22"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_OnlyLogger.yar#L24-L46"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_OnlyLogger.yar#L24-L46"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f45adcc2aad5c0fd900df4521f404bc9ca71b01e3378a5490f5ae2f0c711912e"
 logic_hash = "2838851a5e013705b64625801d2ab1d56cfc17c52f75a5fd71448cb0a4b4b683"
 score = 75
@@ -80312,8 +80449,8 @@ rule ELASTIC_Linux_Trojan_Mirai_268Aac0B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead"
 logic_hash = "6eae3aba35d3379fa194b66a1b4e0d78d0d0b88386cd4ea5dfeb3c072642c7ba"
 score = 75
@@ -80341,8 +80478,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D5F2Abe2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c490586fbf90d360cf3b2f9e2dc943809441df3dfd64dadad27fc9f5ee96ec74"
 logic_hash = "169e7e5d1a7ea8c219464e22df9be8bc8caa2e78e1bc725674c8e0b14f6b9fc5"
 score = 75
@@ -80370,8 +80507,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1Cb033F3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L41-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L41-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "ebaf45ce58124aa91b07ebb48779e6da73baa0b80b13e663c13d8fb2bb47ad0d"
 score = 75
 quality = 75
@@ -80398,8 +80535,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Fa3Ad9D0 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L60-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L60-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6"
 logic_hash = "5890c85872ea4508e673235b20b481972f613f6e5f9564c0237c458995532347"
 score = 75
@@ -80427,8 +80564,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0Cb1699C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L80-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L80-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb"
 logic_hash = "97307f583240290de2bfc663b99f8dcdedace92885bd3e0c0340709b94c0bc2a"
 score = 75
@@ -80456,8 +80593,8 @@ rule ELASTIC_Linux_Trojan_Mirai_6F021787 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L100-L118"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L100-L118"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "88183d71359c16d91a3252085ad5a270ad3e196fe431e3019b0810ecfd85ae10"
 logic_hash = "7e8062682a0babbaa3c00975807ba9fc34c465afde55e4144944e7598f0ea1fd"
 score = 75
@@ -80485,8 +80622,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1E0C5Ce0 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L120-L138"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L120-L138"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d"
 logic_hash = "591cc3ef6932bf990f56c932866b34778e8eccd0e343f9bd6126eb8205a12ecc"
 score = 75
@@ -80514,8 +80651,8 @@ rule ELASTIC_Linux_Trojan_Mirai_22965A6D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L140-L158"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L140-L158"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "09c821aa8977f67878f8769f717c792d69436a951bb5ac06ce5052f46da80a48"
 logic_hash = "6b2a46694edf709d28267268252cfe95d88049b7dca854059cfe44479ada7423"
 score = 75
@@ -80543,8 +80680,8 @@ rule ELASTIC_Linux_Trojan_Mirai_4032Ade1 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L160-L178"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L160-L178"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6150fbbefb916583a0e888dee8ed3df8ec197ba7c04f89fb24f31de50226e688"
 logic_hash = "9c5e24c4efd4035408897f638d3579c3798139fd18178cee4a944b49c13e1532"
 score = 75
@@ -80572,8 +80709,8 @@ rule ELASTIC_Linux_Trojan_Mirai_B14F4C5D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L180-L197"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L180-L197"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "1a2114a7b397c850d732940a0e154bc04fbee1fdc12d343947b343b9b27a8af1"
 score = 75
 quality = 75
@@ -80600,8 +80737,8 @@ rule ELASTIC_Linux_Trojan_Mirai_C8385B81 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L199-L217"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L199-L217"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3d27736caccdd3199a14ce29d91b1812d1d597a4fa8472698e6df6ef716f5ce9"
 logic_hash = "4ff1f0912fb92e7ac5af49e1738dac897ff1f0a118d8ff905da45b0a91b3f4a7"
 score = 75
@@ -80629,8 +80766,8 @@ rule ELASTIC_Linux_Trojan_Mirai_122Ff2E6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L219-L237"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L219-L237"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c7dd999a033fa3edc1936785b87cd69ce2f5cac5a084ddfaf527a1094e718bc4"
 logic_hash = "62884309b9095cdd6219c9ef6cd77a0f712640d8a1db4afe5b1d01f4bbe5acc2"
 score = 75
@@ -80658,8 +80795,8 @@ rule ELASTIC_Linux_Trojan_Mirai_26Cba88C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L239-L257"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L239-L257"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4b4758bff3dcaa5640e340d27abba5c2e2b02c3c4a582374e183986375e49be8"
 logic_hash = "bb5a0f9e68655556ab9fccc27d11bf7828c299720bb67948455579d6a7eb2a9f"
 score = 75
@@ -80687,8 +80824,8 @@ rule ELASTIC_Linux_Trojan_Mirai_93Fc3657 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L259-L277"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L259-L277"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6"
 logic_hash = "0b5278feddd00b0b24ca735bf7cd1440379c6ce5aca6d2a6f38c9fdcedcb3c0d"
 score = 75
@@ -80716,8 +80853,8 @@ rule ELASTIC_Linux_Trojan_Mirai_7C88Acbc : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L279-L296"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L279-L296"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "76373f8e09b7467ac5d36e8baad3025a57568e891434297e53f2629a72cf8929"
 score = 75
 quality = 75
@@ -80744,8 +80881,8 @@ rule ELASTIC_Linux_Trojan_Mirai_804F8E7C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L298-L316"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L298-L316"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6"
 logic_hash = "711d74406d9b0d658b3b29f647bd659699ac0af9cd482403122124ec6054f1ec"
 score = 75
@@ -80773,8 +80910,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A2D2E15A : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L318-L336"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L318-L336"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "567c3ce9bbbda760be81c286bfb2252418f551a64ba1189f6c0ec8ec059cee49"
 logic_hash = "c76fe953c4a70110346a020f2b27c7e79f4ad8a24fd92ac26e5ddd1fed068f65"
 score = 75
@@ -80802,8 +80939,8 @@ rule ELASTIC_Linux_Trojan_Mirai_5946F41B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L338-L356"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L338-L356"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f0b6bf8a683f8692973ea8291129c9764269a6739650ec3f9ee50d222df0a38a"
 logic_hash = "43691675db419426413ccc24aa9dfe94456fa1007630652b08a625eafd1f17b8"
 score = 75
@@ -80831,8 +80968,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Da4Aa3B3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L358-L376"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L358-L376"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "dbc246032d432318f23a4c1e5b6fcd787df29da3bf418613f588f758dcd80617"
 logic_hash = "84ddc505d2e2be955b88a0fe3b78d435f73c0a315b513e105933e84be78ba2ad"
 score = 75
@@ -80860,8 +80997,8 @@ rule ELASTIC_Linux_Trojan_Mirai_70Ef58F1 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L378-L396"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L378-L396"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb"
 logic_hash = "3ad201d643e8f93a6f9075c03a76020d78186702a19bf9174b08688a2e94ef5c"
 score = 75
@@ -80889,8 +81026,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ea584243 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L398-L416"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L398-L416"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f363d9bd2132d969cd41e79f29c53ef403da64ca8afc4643084cc50076ddfb47"
 logic_hash = "34c6f800c849c295797cdd971fb4f3d16d680530f9a98c291388345569708208"
 score = 75
@@ -80918,8 +81055,8 @@ rule ELASTIC_Linux_Trojan_Mirai_564B8Eda : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L418-L436"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L418-L436"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ff04921d7bf9ca01ae33a9fc0743dce9ca250e42a33547c5665b1c9a0b5260ee"
 logic_hash = "4bf11492f480911629623250146554f2456f3a527f5f80402ef74b22c1460462"
 score = 75
@@ -80947,8 +81084,8 @@ rule ELASTIC_Linux_Trojan_Mirai_7E9F85Fb : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L438-L456"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L438-L456"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4333e80fd311b28c948bab7fb3f5efb40adda766f1ea4bed96a8db5fe0d80ea1"
 logic_hash = "f4ce912e190bc5dcb56541f54ba8e47b6103c482bdc7e83b44693d2c066c0170"
 score = 75
@@ -80976,8 +81113,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3A85A418 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L458-L476"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L458-L476"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "86a43b39b157f47ab12e9dc1013b4eec0e1792092d4cef2772a21a9bf4fc518a"
 logic_hash = "bd7fe497fb2557c9e9c26ec90e783f03cbbc9bdaa8d20b364ce65edf6c1e5fa3"
 score = 75
@@ -81005,8 +81142,8 @@ rule ELASTIC_Linux_Trojan_Mirai_24C5B7D6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L478-L496"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L478-L496"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7c2f8ba2d6f1e67d1b4a3a737a449429c322d945d49dafb9e8c66608ab2154c4"
 logic_hash = "f790f6b8fcf932773054525ed74a3f15998d91a2626ae9c56486de8dabc2035c"
 score = 75
@@ -81034,8 +81171,8 @@ rule ELASTIC_Linux_Trojan_Mirai_99D78950 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L498-L516"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L498-L516"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6"
 logic_hash = "bfd628a9973f85ed0a8be2723c7ff4bd028af00ea98c9cbcde9df6aabcf394b2"
 score = 75
@@ -81063,8 +81200,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3Fe3C668 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L518-L535"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L518-L535"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "e75b2dca7de7d9f31a0ae5940dc45d0e6d0f1ca110b5458fc99912400da97bde"
 score = 75
 quality = 75
@@ -81091,8 +81228,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Eedfbfc6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L537-L555"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L537-L555"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b7342f7437a3a16805a7a8d4a667e0e018584f9a99591413650e05d21d3e6da6"
 logic_hash = "949b32db1a00570fc84fbbe510f57f6e898d089efd3fedbd7719f8059021b6bc"
 score = 75
@@ -81120,8 +81257,8 @@ rule ELASTIC_Linux_Trojan_Mirai_6D96Ae91 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L557-L575"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L557-L575"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e3a1d92df6fb566e09c389cfb085126d2ea0f51a776ec099afb8913ef5e96f9b"
 logic_hash = "43b0ac7090620eb6c892f1105778c395bf18f5ac309ce1b2d9015b5abccbfc2a"
 score = 75
@@ -81149,8 +81286,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D8779A57 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L577-L595"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L577-L595"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c490586fbf90d360cf3b2f9e2dc943809441df3dfd64dadad27fc9f5ee96ec74"
 logic_hash = "2154786bbb6dbcc280aaa9e2b75106b585d04c7c85f6162f441c81dc54663cb3"
 score = 75
@@ -81178,8 +81315,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3E72E107 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L597-L615"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L597-L615"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "57d04035b68950246dd152054e949008dafb810f3705710d09911876cd44aec7"
 logic_hash = "ba0ba56ded8977502ad9f8a1ceebd30efbff964d576bbfeedff5761f0538d8f0"
 score = 75
@@ -81207,8 +81344,8 @@ rule ELASTIC_Linux_Trojan_Mirai_5C62E6B2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L617-L635"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L617-L635"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9"
 logic_hash = "6505c4272f0f7c8c5f2d3f7cefdc3947c4015b0dfd94efde4357a506af93a99d"
 score = 75
@@ -81236,8 +81373,8 @@ rule ELASTIC_Linux_Trojan_Mirai_C5430Ff9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L637-L655"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L637-L655"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5676773882a84d0efc220dd7595c4594bc824cbe3eeddfadc00ac3c8e899aa77"
 logic_hash = "8c385980560cd4b24e703744b57a9d5ea1bca8fbeea066e98dd4b40009e56104"
 score = 75
@@ -81265,8 +81402,8 @@ rule ELASTIC_Linux_Trojan_Mirai_402Adc45 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L657-L675"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L657-L675"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1ae0cd7e5bac967e31771873b4b41a1887abddfcdfcc76fa9149bb2054b03ca4"
 logic_hash = "dab879d57507d5e119ddf4ce6ed33570c74f185a2260e97a7ec1d6c844943e5d"
 score = 75
@@ -81294,8 +81431,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A39Dfaa7 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L677-L694"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L677-L694"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "98fde36fc412b6aa50c80c12118975a6bf754a9fba94f1cc3cdeed22565d6b0d"
 score = 75
 quality = 75
@@ -81322,8 +81459,8 @@ rule ELASTIC_Linux_Trojan_Mirai_E3E6D768 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L696-L714"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L696-L714"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b505cb26d3ead5a0ef82d2c87a9b352cc0268ef0571f5e28defca7131065545e"
 logic_hash = "b848c7200f405d77553d661a6c49fb958df225875957ead35b35091995f307d1"
 score = 75
@@ -81351,8 +81488,8 @@ rule ELASTIC_Linux_Trojan_Mirai_520Deeb8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L716-L733"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L716-L733"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "671c17835f30cce1e5d68dbf3a73d340069b1b55a2ac42fc132c008cb2da622e"
 score = 75
 quality = 75
@@ -81379,8 +81516,8 @@ rule ELASTIC_Linux_Trojan_Mirai_77137320 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L735-L753"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L735-L753"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9"
 logic_hash = "ee48e0478845a61dbbdb5cc3ee5194eb272fcf6dcf139381f068c9af1557d0d4"
 score = 75
@@ -81408,8 +81545,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A6A81F9C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L755-L772"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L755-L772"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "0d31cc1f4a673c13e6c81c492acbe16e1e0dfb0b15913fb276ea4abff18b32af"
 score = 75
 quality = 75
@@ -81436,8 +81573,8 @@ rule ELASTIC_Linux_Trojan_Mirai_485C4B13 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L774-L792"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L774-L792"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead"
 logic_hash = "9625e4190559cc77f41ebef24f9bfa5e3d2e2259c12b301148c614b0f98b5835"
 score = 75
@@ -81465,8 +81602,8 @@ rule ELASTIC_Linux_Trojan_Mirai_7146E518 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L794-L811"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L794-L811"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "374602254be1f5c1dbb00ad25d870722e03d674033dfcf953a2895e1f50c637d"
 score = 75
 quality = 75
@@ -81493,8 +81630,8 @@ rule ELASTIC_Linux_Trojan_Mirai_6A77Af0F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L813-L830"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L813-L830"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "7d7623dfc1e16c7c02294607ddf46edd12cdc7d39a2b920d8711dc47c383731b"
 score = 75
 quality = 75
@@ -81521,8 +81658,8 @@ rule ELASTIC_Linux_Trojan_Mirai_5F7B67B8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L832-L849"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L832-L849"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "b2aedc0361c1093d7a996f26d907da3e4654c32a6dbcdbab441c19d4207f2e2a"
 score = 75
 quality = 75
@@ -81549,8 +81686,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A3Cedc45 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L851-L869"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L851-L869"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1ae0cd7e5bac967e31771873b4b41a1887abddfcdfcc76fa9149bb2054b03ca4"
 logic_hash = "9233e6faa43d8ea43ff3c71ecb5248d5d311b2a593825c299cac4466278cd020"
 score = 75
@@ -81578,8 +81715,8 @@ rule ELASTIC_Linux_Trojan_Mirai_7D05725E : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L871-L889"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L871-L889"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb"
 logic_hash = "ac2d0b81325ce7984bc09f93e61b42c8e312a31c75f09d37313d70cd40d3cf8b"
 score = 75
@@ -81607,8 +81744,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Fa48B592 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L891-L909"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L891-L909"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c9e33befeec133720b3ba40bb3cd7f636aad80f72f324c5fe65ac7af271c49ee"
 logic_hash = "5648bcc96b1fdd1529b4b8765b1738594d0d61f7880b763e803cd89bd117e96b"
 score = 75
@@ -81636,8 +81773,8 @@ rule ELASTIC_Linux_Trojan_Mirai_B9A9D04B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L911-L928"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L911-L928"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "61575576be4c1991bc381965a40e5d9d751bba2680a42907b0148651716419fc"
 score = 75
 quality = 75
@@ -81664,8 +81801,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D2205527 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L930-L948"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L930-L948"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e4f584d1f75f0d7c98b325adc55025304d55907e8eb77b328c007600180d6f06"
 logic_hash = "172ba256873cce61047a5198733cacaff4ef343c9cbd76f2fbbf0e1ed8003236"
 score = 75
@@ -81693,8 +81830,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ab073861 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L950-L968"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L950-L968"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "175444a9c9ca78565de4b2eabe341f51b55e59dec00090574ee0f1875422cbac"
 logic_hash = "251b92c4fec9d113025c6869c279247a3dd16ee094c8861fe43a33f87132bf75"
 score = 75
@@ -81722,8 +81859,8 @@ rule ELASTIC_Linux_Trojan_Mirai_637F2C04 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L970-L987"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L970-L987"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "cff4aa6c613ccc64f64441f7e40f79d3a22b5c12856c32814545bd41d5f112bd"
 score = 75
 quality = 75
@@ -81750,8 +81887,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Aa39Fb02 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L989-L1006"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L989-L1006"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "ffa95d92a2b619008bd5918cd34a17cd034b2830dc09d495db4b0c397b1cb53a"
 score = 75
 quality = 75
@@ -81778,8 +81915,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0Bce98A2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1008-L1026"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1008-L1026"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80"
 logic_hash = "04d10ef03c178fb101d3c6b6d3b36f0aa04149b9b35a33c3d10d17af1fc07625"
 score = 75
@@ -81807,8 +81944,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3A56423B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1028-L1045"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1028-L1045"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "0c2765a5c1b331eb9ff5e542bc72eff7be3506e6caef94128413d500086715c6"
 score = 75
 quality = 75
@@ -81835,8 +81972,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D18B3463 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1047-L1065"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1047-L1065"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "cd86534d709877ec737ceb016b2a5889d2e3562ffa45a278bc615838c2e9ebc3"
 logic_hash = "f906c6f9baae6d6fa3f42e84607549bae44ed9ca847fd916d04f2671eef1caa1"
 score = 75
@@ -81864,8 +82001,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Fe721Dc5 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1067-L1084"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1067-L1084"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "e9312eefb5f14a27d96e973139e45098c2f62a24d5254ca24dea64b9888a4448"
 score = 75
 quality = 75
@@ -81892,8 +82029,8 @@ rule ELASTIC_Linux_Trojan_Mirai_575F5Bc8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1086-L1103"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1086-L1103"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "dec143d096f5774f297ce90ef664ae50c40ae4f87843bbb34e496565c0faf3b2"
 score = 75
 quality = 75
@@ -81920,8 +82057,8 @@ rule ELASTIC_Linux_Trojan_Mirai_449937Aa : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1105-L1123"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1105-L1123"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6f27766534445cffb097c7c52db1fca53b2210c1b10b75594f77c34dc8b994fe"
 logic_hash = "d459e46893115dbdef46bcaceb6a66255ef3a389f1bf7173b0e0bd0d8ce024fb"
 score = 75
@@ -81949,8 +82086,8 @@ rule ELASTIC_Linux_Trojan_Mirai_2E3F67A9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1125-L1143"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1125-L1143"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb"
 logic_hash = "8c83c5d32c58041444f33264f692a7580c76324d2cbad736fdd737bdfcd63595"
 score = 75
@@ -81978,8 +82115,8 @@ rule ELASTIC_Linux_Trojan_Mirai_01E4A728 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1145-L1162"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1145-L1162"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "753936b97a36c774975a1d0988f6f908d4b5e5906498aa34c606d4cd971f1ba5"
 score = 75
 quality = 75
@@ -82006,8 +82143,8 @@ rule ELASTIC_Linux_Trojan_Mirai_64D5Cde2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1164-L1182"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1164-L1182"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "caf2a8c199156db2f39dbb0a303db56040f615c4410e074ef56be2662752ca9d"
 logic_hash = "08f3635e5517185cae936b39f503bbeba5aed2e36abdd805170a259bc5e3644f"
 score = 75
@@ -82035,8 +82172,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0D73971C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1184-L1202"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1184-L1202"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "49c94d184d7e387c3efe34ae6f021e011c3046ae631c9733ab0a230d5fe28ead"
 logic_hash = "56f3bac05fce0a0458e5b80197335e7bef6dcd50b9feb6f1008b8679f29cf37a"
 score = 75
@@ -82064,8 +82201,8 @@ rule ELASTIC_Linux_Trojan_Mirai_82C361D4 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1204-L1222"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1204-L1222"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f8dbcf0fc52f0c717c8680cb5171a8c6c395f14fd40a2af75efc9ba5684a5b49"
 logic_hash = "766a964d7d35525fbc88adcf86fb69d11f9c63c0d28ceefb3ae79797a7161193"
 score = 75
@@ -82093,8 +82230,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ec591E81 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1224-L1242"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1224-L1242"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7d45a4a128c25f317020b5d042ab893e9875b6ff0ef17482b984f5b3fe87e451"
 logic_hash = "f2a147fe7f98d2b3141a1fda118ee803c81d9bc6f498bfaf3557665397eb44da"
 score = 75
@@ -82122,8 +82259,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0Eba3F5A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1244-L1262" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1244-L1262" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "2e4f89c76dfefd4b2bfd1cf0467ac0324026355723950d12d7ed51195fd998cf" logic_hash = "bcb2f1e1659102f39977fac43b119c58d6c72f828c3065e2318f671146e911da" score = 75 @@ -82151,8 +82288,8 @@ rule ELASTIC_Linux_Trojan_Mirai_E43A8744 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1264-L1282" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1264-L1282" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f363d9bd2132d969cd41e79f29c53ef403da64ca8afc4643084cc50076ddfb47" logic_hash = "17c52d2b720fa2e98c3e9bb077525a695a6e547a66e8c44fcc1e26e48df81adf" score = 75 
@@ -82180,8 +82317,8 @@ rule ELASTIC_Linux_Trojan_Mirai_6E8E9257 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1284-L1301" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1284-L1301" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "67973257e578783838f18dc8ae994f221ad1c1b3f4a04a2b6b523da5ebd8c95b" score = 75 quality = 75 @@ -82208,8 +82345,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ac253E4F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1303-L1321" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1303-L1321" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "91642663793bdda93928597ff1ac6087e4c1e5d020a8f40f2140e9471ab730f9" logic_hash = "1ab463fce01148c2cc95659fdf8b05e597d9b4eeabe81a9cdfa1da3632d72291" score = 75 
@@ -82237,8 +82374,8 @@ rule ELASTIC_Linux_Trojan_Mirai_994535C4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1323-L1341" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1323-L1341" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "376a2771a2a973628e22379b3dbb9a8015c828505bbe18a0c027b5d513c9e90d" logic_hash = "c83c8c9cdfea1bf322115e5b23d751b226a5dbf42fc41faac172d36192ccf31f" score = 75 @@ -82266,8 +82403,8 @@ rule ELASTIC_Linux_Trojan_Mirai_A68E498C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1343-L1361" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1343-L1361" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6" logic_hash = "e4552813dc92b397c5ba78f32ee6507520f337b55779a3fc705de7e961f8eb8f" score = 75 
@@ -82295,8 +82432,8 @@ rule ELASTIC_Linux_Trojan_Mirai_88De437F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1363-L1381" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1363-L1381" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6" logic_hash = "233dbf3d13c35f4c9c7078d67ea60086355c801ce6515f9d3c518e95afd39d85" score = 75 @@ -82324,8 +82461,8 @@ rule ELASTIC_Linux_Trojan_Mirai_95E0056C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1383-L1401" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1383-L1401" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "45f67d4c18abc1bad9a9cc6305983abf3234cd955d2177f1a72c146ced50a380" logic_hash = "9e34891d28034d1f4fc3da5cb99df8fc74f0b876903088f5eab5fe36e0e0e603" score = 75 
@@ -82353,8 +82490,8 @@ rule ELASTIC_Linux_Trojan_Mirai_B548632D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1403-L1421" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1403-L1421" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "639d9d6da22e84fb6b6fc676a1c4cfd74a8ed546ce8661500ab2ef971242df07" logic_hash = "bfb46457f8b79548726e3988d649f94e04f26f9e546aae70ece94defae6bab8a" score = 75 @@ -82382,8 +82519,8 @@ rule ELASTIC_Linux_Trojan_Mirai_E0Cf29E2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1423-L1440" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1423-L1440" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "693e27da8cbab32954cc2c9ba648151ad9fc21fe53251628145d7b436ec5e976" score = 75 quality = 75 
@@ -82410,8 +82547,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1754B331 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1442-L1460" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1442-L1460" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "0d89fc59d0de2584af0e4614a1561d1d343faa766edfef27d1ea96790ac7014b" logic_hash = "fde04b0e31a00326f9d011198995999ff9b15628f5ff4139ec7dec19ac0c59c9" score = 75 @@ -82439,8 +82576,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3278F1B8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1462-L1480" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1462-L1480" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "fc8741f67f39e7409ab2c6c62d4f9acdd168d3e53cf6976dd87501833771cacb" logic_hash = "4d709e8e2062099ac06b241408e52bcb86bbf8163faaffbcff68a05f864e1b3f" score = 75 
@@ -82468,8 +82605,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ab804Bb7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1482-L1500" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1482-L1500" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "8f0cc764729498b4cb9c5446f1a84cde54e828e913dc78faf537004a7df21b20" logic_hash = "cef2ffafe152332502fb0d72d014c81b90dc9ad4f4491f1b2f2f9c1f73cc7958" score = 75 @@ -82497,8 +82634,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Dca3B9B4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1502-L1520" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1502-L1520" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "a839437deba6d30e7a22104561e38f60776729199a96a71da3a88a7c7990246a" logic_hash = "f85dfc1c00706d7ac11ef35c41c471383ef8b019a5c2566b27072a5ef5ad5c93" score = 75 
@@ -82526,8 +82663,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ae9D0Fa6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1522-L1539" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1522-L1539" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "8da5b14b95d96de5ced8bcab98e23973e449c1b5ca101f39a2114bb8e74fd9a5" score = 75 quality = 75 @@ -82554,8 +82691,8 @@ rule ELASTIC_Linux_Trojan_Mirai_612B407C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1541-L1559" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1541-L1559" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "7833bc89778461a9f46cc47a78c67dda48b498ee40b09a80a21e67cb70c6add1" logic_hash = "6514725a32f7c28be7de5ff6fe1363df7c50e2cd6c8c79824ec4cbeadda2ca31" score = 75 
@@ -82583,8 +82720,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D5Da717F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1561-L1579" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1561-L1579" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "1f6bcdfc7d1c56228897cd7548266bb0b9a41b913be354036816643ac21b6f66" logic_hash = "034dae5bea7536e8c8aa22b8b891b9c991b94f04be12c9fe6d78ddf07a2365d9" score = 75 @@ -82612,8 +82749,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D33095D4 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1581-L1599" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1581-L1599" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "72326a3a9160e9481dd6fc87159f7ebf8a358f52bf0c17fbc3df80217d032635" logic_hash = "b7feaec65d72907d08c98b09fb4ac494ceee7d7bd51c09063363c617e3f057a4" score = 75 
@@ -82641,8 +82778,8 @@ rule ELASTIC_Linux_Trojan_Mirai_4E2246Fb : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1601-L1619" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1601-L1619" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "1f6bcdfc7d1c56228897cd7548266bb0b9a41b913be354036816643ac21b6f66" logic_hash = "6d2e1300286751a5e1ae683e9aab2f59bfbb20d1cc18dcce89c06ecadf25a3e6" score = 75 @@ -82670,8 +82807,8 @@ rule ELASTIC_Linux_Trojan_Mirai_D5981806 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1621-L1639" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1621-L1639" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "784f2005853b5375efaf3995208e4611b81b8c52f67b6dc139fd9fec7b49d9dc" logic_hash = "e625323543aa5c8374a179dfa51c3f5be1446459c45fa7c7a27ae383cf0f551b" score = 75 
@@ -82699,8 +82836,8 @@ rule ELASTIC_Linux_Trojan_Mirai_C6055Dc9 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1641-L1659" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1641-L1659" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "c1718d7fdeef886caa33951e75cbd9139467fa1724605fdf76c8cdb1ec20e024" logic_hash = "4d9d7c44f0d3ae60275720ae5faf3c25c368aa6e7d9ab5ed706a30f9a7ffd3b8" score = 75 @@ -82728,8 +82865,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3B9675Fd : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1661-L1679" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1661-L1679" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "4ec4bc88156bd51451fdaf0550c21c799c6adacbfc654c8ec634ebca3383bd66" logic_hash = "61ff7cb8d664291de5cf0c82b80cf0f4001c41d3f02b7f4762f67eb8128df15d" score = 75 
@@ -82757,8 +82894,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1C0D246D : FILE MEMORY date = "2021-04-13" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1681-L1700" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1681-L1700" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "211cfe9d158c8a6840a53f2d1db2bf94ae689946fffb791eed3acceef7f0e3dd" logic_hash = "7a101e6d2265e09eb6c8d0f1a2fe54c9aa353dfd8bd156926937f4aec86c3ef1" score = 75 @@ -82787,8 +82924,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Ad337D2F : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "012b717909a8b251ec1e0c284b3c795865a32a1f4b79706d2254a4eb289c30a7" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1702-L1720" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1702-L1720" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "dba630c1deb00b0dbd9f895a9b93393bc634150c8f32527b02d8dd71dc806e7d" score = 75 quality = 75 
@@ -82815,8 +82952,8 @@ rule ELASTIC_Linux_Trojan_Mirai_88A1B067 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "1a62db02343edda916cbbf463d8e07ec2ad4509fd0f15a5f6946d0ec6c332dd9" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1722-L1740" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1722-L1740" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "0755f1f974734ccd4ecc444217bf52ed306d1dc32c05841ba9ca6d259e1a147e" score = 75 quality = 75 @@ -82843,8 +82980,8 @@ rule ELASTIC_Linux_Trojan_Mirai_76Bbc4Ca : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "1a9ff86a66d417678c387102932a71fd879972173901c04f3462de0e519c3b51" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1742-L1760" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1742-L1760" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "855b7938b92b5645fcefd2ec1e2ccb71269654816f362282ccbf9aef1c01c8a0" score = 75 quality = 75 
@@ -82871,8 +83008,8 @@ rule ELASTIC_Linux_Trojan_Mirai_0Bfc17Bd : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1762-L1780" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1762-L1780" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "1cdd94f2a1cb2b93134646c171d947e325a498f7a13db021e88c05a4cbb68903" logic_hash = "ef83bc9ae3c881d09b691db42a1712b500a5bb8df34060a6786cfdc6caaf5530" score = 75 @@ -82900,8 +83037,8 @@ rule ELASTIC_Linux_Trojan_Mirai_389Ee3E9 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1782-L1800" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1782-L1800" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f" logic_hash = "fedeae98d468a11c3eaa561b9d5433ec206bdd4caed5aed7926434730f7f866b" score = 75 
@@ -82929,8 +83066,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Cc93863B : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1802-L1820" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1802-L1820" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f" logic_hash = "881998dee010270d7cefae5b59a888e541d4a2b93e3e52ae0abe0df41371c50d" score = 75 @@ -82958,8 +83095,8 @@ rule ELASTIC_Linux_Trojan_Mirai_8Aa7B5D3 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1822-L1840" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1822-L1840" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f" logic_hash = "3c99b7b126184b75802c7198c81f4783af776920edc6e964dbe726d28d88f64d" score = 75 
@@ -82987,8 +83124,8 @@ rule ELASTIC_Linux_Trojan_Mirai_76908C99 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1842-L1860" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1842-L1860" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "533a90959bfb337fd7532fb844501fd568f5f4a49998d5d479daf5dfbd01abb2" logic_hash = "bd8254e888b1ea93ca9aad92ea2c8ece1f2d03ae2949ca4c3743b6e339ee21e0" score = 75 @@ -83016,8 +83153,8 @@ rule ELASTIC_Linux_Trojan_Mirai_1538Ce1A : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1862-L1880" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1862-L1880" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "2382996a8fd44111376253da227120649a1a94b5c61739e87a4e8acc1130e662" logic_hash = "cf2dd11da520640c6a64e05c4679072a714d8cf93d5f5aa3a1eca8eb3e9c8b3b" score = 75 
@@ -83045,8 +83182,8 @@ rule ELASTIC_Linux_Trojan_Mirai_07B1F4F6 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1882-L1900" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1882-L1900" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "2382996a8fd44111376253da227120649a1a94b5c61739e87a4e8acc1130e662" logic_hash = "4af1a20e29e0c9b62e1530031e49a3d7b37d4e9a547d89a270a2e59e0c7852cc" score = 75 @@ -83074,8 +83211,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Feaa98Ff : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1902-L1920" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1902-L1920" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "2382996a8fd44111376253da227120649a1a94b5c61739e87a4e8acc1130e662" logic_hash = "06be9d8bcfcb7e6b600103cf29fa8a94a457ff56e8c7018336c270978a57ccbf" score = 75 
@@ -83103,8 +83240,8 @@ rule ELASTIC_Linux_Trojan_Mirai_3Acd6Ed4 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1922-L1940" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1922-L1940" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "2644447de8befa1b4fe39b2117d49754718a2f230d6d5f977166386aa88e7b84" logic_hash = "ab284d41af8e1920fa54ac8bfab84bac493adf816aebce60490ab22c0e502201" score = 75 @@ -83132,8 +83269,8 @@ rule ELASTIC_Linux_Trojan_Mirai_Eb940856 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mirai.yar#L1942-L1960" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mirai.yar#L1942-L1960" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "fbf814c04234fc95b6a288b62fb9513d6bbad2e601b96db14bb65ab153e65fef" logic_hash = "d7bb2373a35ea97a11513e80e9a561f53a8f0b9345f392e8e7f042d4cb2d7d20" score = 75 
@@ -83161,8 +83298,8 @@ rule ELASTIC_Windows_Vulndriver_Speedfan_9B590Eee : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Speedfan.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Speedfan.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "22be050955347661685a4343c51f11c7811674e030386d2264cd12ecbf544b7c" logic_hash = "6f75c0e6b89dd1ceb85c73b7e51fd261ca2804e14a5f8ed6ce3352b3f1bcdfe4" score = 75 @@ -83191,8 +83328,8 @@ rule ELASTIC_Linux_Ransomware_Hellokitty_35731270 : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_Hellokitty.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_Hellokitty.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "556e5cb5e4e77678110961c8d9260a726a363e00bf8d278e5302cb4bfccc3eed" logic_hash = "40cb632d6b8561de56f2010a082a24b0c50d4cabed21e073168b5302ddff7044" score = 75 
@@ -83222,8 +83359,8 @@ rule ELASTIC_Linux_Hacktool_Prochide_7333221A : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Prochide.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Prochide.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "fad956a6a38abac8a8a0f14cc50f473ec6fc1c9fd204e235b89523183931090b" logic_hash = "413f19744240eae0a87d56da1e524e2afa0fe0ec385bd9369218713b13a93495" score = 75 @@ -83251,8 +83388,8 @@ rule ELASTIC_Linux_Worm_Generic_920D273F : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Worm_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Worm_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "04a65bc73fab91f654d448b2d7f8f15ac782965dcdeec586e20b5c7a8cc42d73" logic_hash = "d0ed260857ae3002483ea7ef242b82514caaa95c2700b39dd0a03d39fdde090d" score = 75 
@@ -83280,8 +83417,8 @@ rule ELASTIC_Linux_Worm_Generic_98Efcd38 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Worm_Generic.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Worm_Generic.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "87507f5cd73fffdb264d76db9b75f30fe21cc113bcf82c524c5386b5a380d4bb" logic_hash = "c1a130d2ef8d09cb28adc4e347cbd1a083c78241752ecf3f935b03d774d00a81" score = 60 @@ -83309,8 +83446,8 @@ rule ELASTIC_Linux_Worm_Generic_Bd64472E : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Worm_Generic.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Worm_Generic.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "b3334a3b61b1a3fc14763dc3d590100ed5e85a97493c89b499b02b76f7a0a7d0" logic_hash = "9a7267a0ebc1073d0b1f81a61b963642cc816b563b43ff4d9508dd8bc195a0e1" score = 75 
@@ -83338,8 +83475,8 @@ rule ELASTIC_Linux_Worm_Generic_3Ff8F75B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Worm_Generic.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Worm_Generic.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "991175a96b719982f3a846df4a66161a02225c21b12a879e233e19124e90bd35" logic_hash = "798e98f286201f1cda18bf1bf433826cf8a949b584f016b24a684425069d1024" score = 75 @@ -83367,8 +83504,8 @@ rule ELASTIC_Macos_Trojan_Sugarloader_E7E1D99C : FILE MEMORY date = "2023-10-24" modified = "2023-10-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_SugarLoader.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_SugarLoader.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "3ea2ead8f3cec030906dcbffe3efd5c5d77d5d375d4a54cca03bfe8a6cb59940" logic_hash = "0689b704add81e8e7968d9dba5f60d45c8791209330f4ee97e218f8eeb22c88f" score = 75 
@@ -83400,8 +83537,8 @@ rule ELASTIC_Windows_Vulndriver_Amifldrv_E387D5Ad : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Amifldrv.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Amifldrv.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330" logic_hash = "14d75b5aff2c82d69b041c654cdc0840f6b6e37a197f5c0c1c2698c9e8eba3e2" score = 60 @@ -83429,8 +83566,8 @@ rule ELASTIC_Linux_Trojan_Winnti_61215D98 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Winnti.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Winnti.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "cc1455e3a479602581c1c7dc86a0e02605a3c14916b86817960397d5a2f41c31" logic_hash = "051cc157f189094d25d45e66e410bdfd61ed7649a4c935d076cec1597c5debf5" score = 75 
@@ -83458,8 +83595,8 @@ rule ELASTIC_Linux_Trojan_Winnti_4C5A1865 : FILE MEMORY date = "2021-06-28" modified = "2021-09-16" reference = "0d963a713093fc8e5928141f5747640c9b43f3aadc8a5478c949f7ec364b28ad" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Winnti.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Winnti.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "69f6dcba59ec8cd7f4dfe853495a35601e35d74476fad9e18bef7685a68ece51" score = 75 quality = 75 @@ -83486,8 +83623,8 @@ rule ELASTIC_Linux_Trojan_Winnti_6F4Ca425 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "161af780209aa24845863f7a8120aa982aa811f16ec04bcd797ed165955a09c1" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Winnti.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Winnti.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "a1ffc0e3d27c4bb9fd10f14d45b649b4f059c654b31449013ac06d0981ed25ed" score = 75 quality = 75 
@@ -83514,8 +83651,8 @@ rule ELASTIC_Linux_Trojan_Winnti_De4B0F6E : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "a6b9b3ea19eaddd4d90e58c372c10bbe37dbfced638d167182be2c940e615710" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Winnti.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Winnti.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "fb7b0ff4757dfc1ba2ca8585d5ddf14aae03063e10bdc2565443362c6ba37c30" score = 75 quality = 75 @@ -83542,8 +83679,8 @@ rule ELASTIC_Windows_Vulndriver_Echodrv_D17Ff31C : FILE date = "2023-10-31" modified = "2023-11-03" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_EchoDrv.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_EchoDrv.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "ea3c5569405ed02ec24298534a983bcb5de113c18bc3fd01a4dd0b5839cd17b9" logic_hash = "0b2eb3c5da8703749ee63662495d6e8738ccdc353f3ac3df48e25a77312c0da0" score = 75 
@@ -83571,8 +83708,8 @@ rule ELASTIC_Windows_Ransomware_Clop_6A1670Aa : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.clop" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Clop.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Clop.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "afe28000d50495bf2f2adc6cbf0159591ce87bff207f3c6a1d38e09f9ed328d7" score = 75 quality = 75 @@ -83600,8 +83737,8 @@ rule ELASTIC_Windows_Ransomware_Clop_E04959B5 : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.clop" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Clop.yar#L22-L50" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Clop.yar#L22-L50" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "039fcb0e48898c7546588cd095fac16f06cf5e5568141aefb6db382a61e80a8d" score = 75 quality = 50 
@@ -83638,8 +83775,8 @@ rule ELASTIC_Windows_Ransomware_Clop_9Ac9Ea3E : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.clop" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Clop.yar#L52-L71" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Clop.yar#L52-L71" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "1228ee4b934faf1d5f8cf4518974cd2c80a73d84c8a354bde4813fb97ba516d7" score = 75 quality = 75 @@ -83667,8 +83804,8 @@ rule ELASTIC_Windows_Ransomware_Clop_606020E7 : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.clop" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Clop.yar#L73-L92" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Clop.yar#L73-L92" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "f5169b324bc19f6f5a04c99f1d3326c97300d038ec383c3eab94eb258963ac30" score = 75 quality = 75 
@@ -83696,8 +83833,8 @@ rule ELASTIC_Windows_Trojan_Grandoreiro_51236Ba2 : FILE MEMORY date = "2022-08-23" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Grandoreiro.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Grandoreiro.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "1bdf381e7080d9bed3f52f4b3db1991a80d3e58120a5790c3d1609617d1f439e" logic_hash = "9a8549a1dd82f56458ea8aee5c30243ac073d15c820de28d78a58d2c067b10d6" score = 75 @@ -83729,8 +83866,8 @@ rule ELASTIC_Windows_Vulndriver_Elby_65B09743 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Elby.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Elby.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "eea53103e7a5a55dc1df79797395a2a3e96123ebd71cdd2db4b1be80e7b3f02b" logic_hash = "7c7438520b238daf38d4ac91cbdee48bbfa9c85bd76208a436ce59edcfcecb80" score = 75 
@@ -83760,8 +83897,8 @@ rule ELASTIC_Windows_Trojan_Gozi_Fd494041 : FILE MEMORY date = "2021-03-22" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Gozi.yar#L1-L32" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Gozi.yar#L1-L32" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "0a1c1557bdb8c1b99e2b764fc6b21a07e33dc777b492a25a55cbd8737031e237" logic_hash = "fdd18817e7377f1b4006d3bf135d924b8ead62a461ea56f57157b2856ba6846b" score = 75 @@ -83802,8 +83939,8 @@ rule ELASTIC_Windows_Trojan_Gozi_261F5Ac5 : FILE MEMORY date = "2019-08-02" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Gozi.yar#L34-L60" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Gozi.yar#L34-L60" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "31835c6350177eff88265e81335a50fcbe0dc46771bf031c836947851dcebb4f" logic_hash = "23a7427e162e2f77ee0a281fe4bc54eab29a3bdca8e51015147e8eb223e7e2f7" score = 75 
@@ -83839,8 +83976,8 @@ rule ELASTIC_Linux_Ransomware_Limpdemon_95C748E0 : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_LimpDemon.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_LimpDemon.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "a4200e90a821a2f2eb3056872f06cf5b057be154dcc410274955b2aaca831651" logic_hash = "e66906725c0af657d91771642908ac0b2c72a97c4d4f651dcc907c2c1437f2da" score = 75 @@ -83871,8 +84008,8 @@ rule ELASTIC_Windows_PUP_Veriato_Fae5978C : FILE MEMORY date = "2022-06-08" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_PUP_Veriato.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_PUP_Veriato.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "53f09e60b188e67cdbf28bda669728a1f83d47b0279debf3d0a8d5176479d17f" logic_hash = "8ae6f8b2b6e3849b33e6a477af52982efe137d7ebeff0c92cee5667d75f05145" score = 75 
@@ -83902,8 +84039,8 @@ rule ELASTIC_Windows_Trojan_Blackwood_2B94Bce9 : FILE MEMORY date = "2024-03-22" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Blackwood.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Blackwood.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "c37dd77f659059da7e12e13b063036ee69097a4d2f88c170832fff78f3788991" logic_hash = "279e85ce3bb974ce5af541e7307cb2fd1031f36c9da013756883172a765b0e19" score = 75 @@ -83938,8 +84075,8 @@ rule ELASTIC_Windows_Ransomware_Ragnarok_1Cab7Ea1 : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://twitter.com/malwrhunterteam/status/1256263426441125888?s=20" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Ragnarok.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Ragnarok.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "8bae3ea4304473209fc770673b680154bf227ce30f6299101d93fe830da0fe91" score = 75 quality = 73 
@@ -83967,8 +84104,8 @@ rule ELASTIC_Windows_Ransomware_Ragnarok_7E802F95 : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://twitter.com/malwrhunterteam/status/1256263426441125888?s=20" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Ragnarok.yar#L22-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Ragnarok.yar#L22-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "8f293cdbdc3c395e18c304dfa43d0dcdb52b18bde5b5d084190ceec70aea6cbd" score = 75 quality = 75 @@ -83997,8 +84134,8 @@ rule ELASTIC_Windows_Ransomware_Ragnarok_Efafbe48 : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://twitter.com/malwrhunterteam/status/1256263426441125888?s=20" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Ragnarok.yar#L44-L71" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Ragnarok.yar#L44-L71" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "c9d203620e0e6e04d717595ca70a5e5efa74abfc11e4e732d729caab2d246c27" score = 75 quality = 75 
@@ -84034,8 +84171,8 @@ rule ELASTIC_Windows_Ransomware_Ragnarok_5625D3F6 : BETA FILE MEMORY date = "2020-05-03" modified = "2021-08-23" reference = "https://twitter.com/malwrhunterteam/status/1256263426441125888?s=20" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Ragnarok.yar#L73-L95" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Ragnarok.yar#L73-L95" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "8c22cf9dfbeba7391f6d2370c88129650ef4c778464e676752de1d0fd9c5b34e" score = 75 quality = 75 @@ -84066,8 +84203,8 @@ rule ELASTIC_Windows_Ransomware_Darkside_D7Fc4594 : FILE MEMORY date = "2021-05-20" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Darkside.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Darkside.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "bfb31c96f9e6285f5bb60433f2e45898b8a7183a2591157dc1d766be16c29893" logic_hash = "0083fb64955973e7dbbb35d08cb780fa0b4ff4d064c102dc8f86e29af8358bad" score = 75 
@@ -84095,8 +84232,8 @@ rule ELASTIC_Windows_Ransomware_Darkside_Aceac5D9 : FILE MEMORY date = "2021-05-20" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Darkside.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Darkside.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "bfb31c96f9e6285f5bb60433f2e45898b8a7183a2591157dc1d766be16c29893" logic_hash = "888ab06b55b07879ee6b9a45c04f1a09c570aeb4be55c698300566d57fd47252" score = 75 @@ -84124,8 +84261,8 @@ rule ELASTIC_Windows_Trojan_Solarmarker_D466E548 : FILE MEMORY date = "2023-12-12" modified = "2024-01-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_SolarMarker.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_SolarMarker.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "330f5067c93041821be4e7097cf32fb569e2e1d00e952156c9aafcddb847b873" hash = "e2a620e76352fa7ac58407a711821da52093d97d12293ae93d813163c58eb84b" logic_hash = "c0792bc3c1a2f01ff4b8d0a12c95a74491c2805c876f95a26bbeaabecdff70e9" 
@@ -84154,8 +84291,8 @@ rule ELASTIC_Windows_Trojan_Solarmarker_08Bfc26B : FILE MEMORY date = "2024-05-29" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_SolarMarker.yar#L22-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_SolarMarker.yar#L22-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "c1a6d2d78cc50f080f1fe4cadc6043027bf201d194f2b73625ce3664433a3966" logic_hash = "b31b9f8460b606426c1101eba39a41a75c7ecaafc62388a6a5ac0f24057561ed" score = 75 @@ -84185,8 +84322,8 @@ rule ELASTIC_Linux_Trojan_Roopre_B6B9E71D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Roopre.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Roopre.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "36ae2bf773135fdb0ead7fbbd46f90fd41d6f973569de1941c8723158fc6cfcc" logic_hash = "32294e476a014a919d2d738bdc940a7fc5f91e1b13c005f164a5b6bf84eb2635" score = 75 
@@ -84214,8 +84351,8 @@ rule ELASTIC_Linux_Trojan_Roopre_05F7F237 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Roopre.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Roopre.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "36ae2bf773135fdb0ead7fbbd46f90fd41d6f973569de1941c8723158fc6cfcc" logic_hash = "12e14ac31932033f2448b7a3bfd6ce826fff17494547ac4baefb20f6713baf5f" score = 75 @@ -84243,8 +84380,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_59E029C3 : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_BPFDoor.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_BPFDoor.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "144526d30ae747982079d5d340d1ff116a7963aba2e3ed589e7ebc297ba0c1b3" logic_hash = "64620a3404b331855d0b8018c1626c88cb28380785beac1a391613ae8dc1b1bf" score = 75 
@@ -84276,8 +84413,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_0F768F60 : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_BPFDoor.yar#L26-L50" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_BPFDoor.yar#L26-L50" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "3a1b174f0c19c28f71e1babde01982c56d38d3672ea14d47c35ae3062e49b155" logic_hash = "1aaa74c2d8fbb230cbfc0e08fd6865b5f7e90e4abcdb97121e52afb7569b2dbc" score = 75 @@ -84310,8 +84447,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_8453771B : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_BPFDoor.yar#L52-L78" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_BPFDoor.yar#L52-L78" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "591198c234416c6ccbcea6967963ca2ca0f17050be7eed1602198308d9127c78" logic_hash = "546e5c56ceb6b99db14dc225a2ec4872cb54859a0f2f6ad520d4f446793e031e" score = 75 
@@ -84346,8 +84483,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_F690Fe3B : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_BPFDoor.yar#L80-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_BPFDoor.yar#L80-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "591198c234416c6ccbcea6967963ca2ca0f17050be7eed1602198308d9127c78" logic_hash = "35c6be75348a30f415a1a4bb94ae7e3a2f49f54a0fb3ddc4bae1aa3e03c1a909" score = 75 @@ -84375,8 +84512,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_1A7D804B : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_BPFDoor.yar#L101-L127" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_BPFDoor.yar#L101-L127" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "76bf736b25d5c9aaf6a84edd4e615796fffc338a893b49c120c0b4941ce37925" logic_hash = "b0c4b168d92947e599e8c74d0ae6a91766c8a034c34e9c07e2472620c9b61037" score = 75 
@@ -84411,8 +84548,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_E14B0B79 : FILE MEMORY date = "2022-05-10" modified = "2022-05-10" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_BPFDoor.yar#L129-L152" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_BPFDoor.yar#L129-L152" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "dc8346bf443b7b453f062740d8ae8d8d7ce879672810f4296158f90359dcae3a" logic_hash = "7cdf111ae253bffef7243ad3722f1a79f81f45d80f938f9542af8e056f75d3fc" score = 75 @@ -84444,8 +84581,8 @@ rule ELASTIC_Linux_Trojan_Bpfdoor_F1Cd26Ad : FILE MEMORY date = "2023-05-11" modified = "2023-05-16" reference = "https://www.elastic.co/security-labs/a-peek-behind-the-bpfdoor" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_BPFDoor.yar#L154-L175" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_BPFDoor.yar#L154-L175" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "afa8a32ec29a31f152ba20a30eb483520fe50f2dce6c9aa9135d88f7c9c511d7" logic_hash = "ad3e130d5a1203c55b5c8d369c7d9989f66f76c9bd57e2314a30f4c931e4b98d" score = 75 
@@ -84475,8 +84612,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_9130C0F3 : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Thiefquest.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Thiefquest.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "bed3561210e44c290cd410adadcdc58462816a03c15d20b5be45d227cd7dca6b" logic_hash = "20e9ea15a437a17c4ef68f2472186f6d1ab3118d5b392f84fcb2bd376ec3863a" score = 75 @@ -84507,8 +84644,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_Fc2E1271 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Thiefquest.yar#L24-L42" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Thiefquest.yar#L24-L42" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "12fb0eca3903a3b39ecc3c2aa6c04fe5faa1f43a3d271154d14731d1eb196923" logic_hash = "a20c76e53874fc0fec5fd2660c63c6f1e7c1b2055cbd2a9efdfd114cd6bdda5c" score = 75 
@@ -84536,8 +84673,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_86F9Ef0C : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Thiefquest.yar#L44-L62" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Thiefquest.yar#L44-L62" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "59fb018e338908eb69be72ab11837baebf8d96cdb289757f1f4977228e7640a0" logic_hash = "426d533d39e594123f742b15d0a93ded986b9b308685f7b2cfaf5de0b32cdbff" score = 75 @@ -84565,8 +84702,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_40F9C1C3 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Thiefquest.yar#L64-L82" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Thiefquest.yar#L64-L82" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "e402063ca317867de71e8e3189de67988e2be28d5d773bbaf75618202e80f9f6" logic_hash = "546edc2d6d715eac47e7a8d3ceb91cf314fa6dbee04f0475a5c4a84ba53fd722" score = 75 
@@ -84594,8 +84731,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_0F9Fe37C : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Thiefquest.yar#L84-L102" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Thiefquest.yar#L84-L102" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "12fb0eca3903a3b39ecc3c2aa6c04fe5faa1f43a3d271154d14731d1eb196923" logic_hash = "84f9e8938d7e2b0210003fc8334b8fa781a40afffeda8d2341970b84ed5d3b5a" score = 75 @@ -84623,8 +84760,8 @@ rule ELASTIC_Macos_Trojan_Thiefquest_1F4Bac78 : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Thiefquest.yar#L104-L122" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Thiefquest.yar#L104-L122" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "12fb0eca3903a3b39ecc3c2aa6c04fe5faa1f43a3d271154d14731d1eb196923" logic_hash = "96db33e135138846f978026867bb2536226539997d060f41e7081f7f29b66c85" score = 75 
@@ -84652,8 +84789,8 @@ rule ELASTIC_Linux_Exploit_Iouring_D04C1C19 : FILE MEMORY date = "2024-04-07" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_IOUring.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_IOUring.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "29e6a5f7b36e271219601528f3fd70831aacb8b9f05722779faa40afc97b3b60" logic_hash = "b1d8d6090576b4b5bcd435eb69ee1dc1f1947115d38b62364cf1730a4f08d317" score = 75 @@ -84683,8 +84820,8 @@ rule ELASTIC_Linux_Virus_Gmon_E544D891 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Virus_Gmon.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Virus_Gmon.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "d0fe377664aa0bc0d1fd3a307650f211dd3ef2e2f04597abee465e836e6a6f32" logic_hash = "6dcfd51aaa79d7bac0100d9c891aa4275b8e1f7614cda46a5da4c738d376c729" score = 75 
@@ -84712,8 +84849,8 @@ rule ELASTIC_Linux_Virus_Gmon_192Bd9B3 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Virus_Gmon.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Virus_Gmon.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "d0fe377664aa0bc0d1fd3a307650f211dd3ef2e2f04597abee465e836e6a6f32" logic_hash = "3df275349d14a845c73087375f96e0c9a069ff685beb89249590ef9448e50373" score = 75 @@ -84741,8 +84878,8 @@ rule ELASTIC_Windows_Trojan_Eagerbee_7029Ba21 : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_EagerBee.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_EagerBee.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "09005775fc587ac7bf150c05352e59dc01008b7bf8c1d870d1cea87561aa0b06" logic_hash = "874959361b14ba74e13e6e674da75c9bdb6b9475d8b286572825c940b41f679f" score = 75 
@@ -84771,8 +84908,8 @@ rule ELASTIC_Windows_Trojan_Eagerbee_A64B323B : FILE MEMORY date = "2023-09-04" modified = "2023-09-20" reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_EagerBee.yar#L23-L45" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_EagerBee.yar#L23-L45" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "339e4fdbccb65b0b06a1421c719300a8da844789a2016d58e8ce4227cb5dc91b" logic_hash = "e1c25cf8ce0ff434727c9104c6b79110ff5cfa84eb3e939119fd05cf676727c6" score = 75 @@ -84803,8 +84940,8 @@ rule ELASTIC_Linux_Trojan_Generic_402Be6C5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "d30a8f5971763831f92d9a6dd4720f52a1638054672a74fdb59357ae1c9e6deb" logic_hash = "b32111972bc21822f0f2c8e47198c90b70e78667410175257b9542c212fc3a1d" score = 75 
@@ -84832,8 +84969,8 @@ rule ELASTIC_Linux_Trojan_Generic_5420D3E7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Generic.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Generic.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "103b8fced0aebd73cb8ba9eff1a55e6b6fa13bb0a099c9234521f298ee8d2f9f" logic_hash = "8ba3566ec900e37f05f11d40c65ffe1dfc587c553fa9c28b71ced7a9a90f50c3" score = 75 @@ -84861,8 +84998,8 @@ rule ELASTIC_Linux_Trojan_Generic_4F4Cc3Ea : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Generic.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Generic.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "32e25641360dbfd50125c43754cd327cf024f1b3bfd75b617cdf8a17024e2da5" logic_hash = "9eb0d93b8c1a579ca8362d033edecbbe6a9ade82f6ae5688c183b97ed7b97faa" score = 75 
@@ -84890,8 +85027,8 @@ rule ELASTIC_Linux_Trojan_Generic_703A0258 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Generic.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Generic.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "b086d0119042fc960fe540c23d0a274dd0fb6f3570607823895c9158d4f75974" logic_hash = "cb37930637b8da91188d199ee20f1b64a0b1f13e966a99e69b983e623dac51de" score = 75 @@ -84919,8 +85056,8 @@ rule ELASTIC_Linux_Trojan_Generic_378765E4 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Generic.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Generic.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "1ed42910e09e88777ae9958439d14176cb77271edf110053e1a29372fce21ec1" logic_hash = "dd10305f553fa94ff83fafa84cff3d544f097b617fca20760eef838902e1f7db" score = 75 
@@ -84948,8 +85085,8 @@ rule ELASTIC_Linux_Trojan_Generic_F657Fb4F : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Generic.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Generic.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "1ed42910e09e88777ae9958439d14176cb77271edf110053e1a29372fce21ec1" logic_hash = "af4fa2c21b47f360b425ebbfea624e3728cd682e54e367d265b4f3a6515b0720" score = 75 @@ -84977,8 +85114,8 @@ rule ELASTIC_Linux_Trojan_Generic_Be1757Ef : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Generic.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Generic.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f3e4e2b5af9d0c72aae83cec57e5c091a95c549f826e8f13559aaf7d300f6e13" logic_hash = "567d33c262e5f812c6a702bcc0a1f0cf576b67bf7cf67bb82b5f9ce9f233aaff" score = 75 
@@ -85006,8 +85143,8 @@ rule ELASTIC_Linux_Trojan_Generic_7A95Ef79 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Generic.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Generic.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f59340a740af8f7f4b96e3ea46d38dbe81f2b776820b6f53b7028119c5db4355" logic_hash = "6da43e4bab6b2024b49dfc943f099fb21c06d8d4a082a05594b07cb55989183c" score = 75 @@ -85035,8 +85172,8 @@ rule ELASTIC_Linux_Trojan_Generic_1C5E42B7 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Generic.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Generic.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "b078a02963610475217682e6e1d6ae0b30935273ed98743e47cc2553fbfd068f" logic_hash = "cd759b87a303fafb9461d0a73b6a6b3f468b1f3db0189ba0e584a629e5d78da1" score = 75 
@@ -85064,8 +85201,8 @@ rule ELASTIC_Linux_Trojan_Generic_8Ca4B663 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Generic.yar#L181-L199" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Generic.yar#L181-L199" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "1ddf479e504867dfa27a2f23809e6255089fa0e2e7dcf31b6ce7d08f8d88947e" logic_hash = "43b8cae2075f55a98b226f865d54e1c96345db0564815d849b3458d3f3ffee7f" score = 75 @@ -85093,8 +85230,8 @@ rule ELASTIC_Linux_Trojan_Generic_D3Fe3Fae : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Generic.yar#L201-L219" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Generic.yar#L201-L219" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "2a2542142adb05bff753e0652e119c1d49232d61c49134f13192425653332dc3" logic_hash = "0b980a0bcf8340410fe2b53d109f629c6e871ebe82af467153d7b50b73fd8644" score = 60 
@@ -85122,8 +85259,8 @@ rule ELASTIC_Linux_Trojan_Generic_5E981634 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Generic.yar#L221-L239" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Generic.yar#L221-L239" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "448e8d71e335cabf5c4e9e8d2d31e6b52f620dbf408d8cc9a6232a81c051441b" logic_hash = "4623c07a15588788ec8a484642a33f2d18127849302d57520a0dac875564f62c" score = 75 @@ -85151,8 +85288,8 @@ rule ELASTIC_Linux_Trojan_Generic_D8953Ca0 : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Generic.yar#L241-L259" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Generic.yar#L241-L259" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "552753661c3cc7b3a4326721789808482a4591cb662bc813ee50d95f101a3501" logic_hash = "cbc1a60a1d9525f7230336dff07f56e6a0b99e7c70c99d3f4363c06ed0071716" score = 75 
@@ -85180,8 +85317,8 @@ rule ELASTIC_Linux_Trojan_Generic_181054Af : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Generic.yar#L261-L279" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Generic.yar#L261-L279" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "e677f1eed0dbb4c680549e0bf86d92b0a28a85c6d571417baaba0d0719da5f93" logic_hash = "e92807b603dd33fe7a083985644a213913a77e81c068623fdac7931148207b91" score = 75 @@ -85209,8 +85346,8 @@ rule ELASTIC_Linux_Trojan_Generic_C3D529A2 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Generic.yar#L281-L299" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Generic.yar#L281-L299" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "b46135ae52db6399b680e5c53f891d101228de5cd6c06b6ae115e4a763a5fb22" logic_hash = "a508acd95844a4385943166f715606199048d96be0098bc89f9be7b9db34833e" score = 75 
@@ -85238,8 +85375,8 @@ rule ELASTIC_Linux_Trojan_Generic_4675Dffa : FILE MEMORY date = "2023-07-28" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Generic.yar#L301-L320" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Generic.yar#L301-L320" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "43e14c9713b1ca1f3a7f4bcb57dd3959d3a964be5121eb5aba312de41e2fb7a6" logic_hash = "d2865a869d0cf0bf784106fe6242a4c7f58e58a43c4d4ae0241b10569810904d" score = 75 @@ -85268,8 +85405,8 @@ rule ELASTIC_Windows_Trojan_Rudebird_3Cbf7Bc6 : FILE MEMORY date = "2023-05-09" modified = "2023-06-13" reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_RudeBird.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_RudeBird.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "2095c3b6bde779b5661c7796b5e33bb0c43facf791b272a603b786f889a06a95" score = 75 quality = 75 
@@ -85296,8 +85433,8 @@ rule ELASTIC_Linux_Hacktool_Wipelog_Daea1Aa4 : FILE MEMORY date = "2022-03-17" modified = "2022-07-22" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Wipelog.yar#L1-L29" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Wipelog.yar#L1-L29" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "39b3a95928326012c3b2f64e2663663adde4b028d940c7e804ac4d3953677ea6" logic_hash = "e2483b7719f4a1e28ec3732120770066333d8db269c9c9711813a8eeb75176d6" score = 75 @@ -85335,8 +85472,8 @@ rule ELASTIC_Windows_Trojan_Lobshot_013C1B0B : FILE MEMORY date = "2023-04-18" modified = "2023-04-23" reference = "https://www.elastic.co/security-labs/elastic-security-labs-discovers-lobshot-malware" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Lobshot.yar#L1-L30" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Lobshot.yar#L1-L30" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "e4ea88887753a936eaf3361dcc00380b88b0c210dcbde24f8f7ce27991856bf6" logic_hash = "e1fb245c3441c9bd393a47a9bed01bf7f62aa3ec36d460584d75e326e7e92ad4" score = 75 
@@ -85374,8 +85511,8 @@ rule ELASTIC_Windows_Vulndriver_Gvci_F5A35359 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Gvci.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Gvci.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "42f0b036687cbd7717c9efed6991c00d4e3e7b032dc965a2556c02177dfdad0f"
 logic_hash = "beb0c324358a016e708dae30a222373113a7eab8e3d90dfa1bbde6c2f7874362"
 score = 75
@@ -85403,8 +85540,8 @@ rule ELASTIC_Windows_Virus_Floxif_493D1897 : FILE MEMORY
 date = "2023-09-26"
 modified = "2023-11-02"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Virus_Floxif.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Virus_Floxif.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e628b7973ee25fdfd8f849fdf5923c6fba48141de802b0b4ce3e9ad2e40fe470"
 logic_hash = "d3f516966bd4423c49771251075a1ea2f725aec91615f7f44dd098da2a4f3574"
 score = 75
@@ -85432,8 +85569,8 @@ rule ELASTIC_Windows_Backdoor_Dragoncastling_4Ecf6F9F : FILE MEMORY
 date = "2022-11-08"
 modified = "2022-12-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Backdoor_DragonCastling.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Backdoor_DragonCastling.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9776c7ae6ca73f87d7c838257a5bcd946372fbb77ebed42eebdfb633b13cd387"
 logic_hash = "26ff86354230f1006bd451eab5c1634b91888330d124a06dd2dfa5ab515d6e1a"
 score = 75
@@ -85469,8 +85606,8 @@ rule ELASTIC_Linux_Virus_Thebe_1Eb5985A : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Virus_Thebe.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Virus_Thebe.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "30af289be070f4e0f8761f04fb44193a037ec1aab9cc029343a1a1f2a8d67670"
 logic_hash = "7d4bc4b1615048dec1f1fac599afa667e06ccb369bb1242b25887e0ce2a5066a"
 score = 75
@@ -85498,8 +85635,8 @@ rule ELASTIC_Linux_Trojan_Getshell_98D002Bf : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Getshell.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Getshell.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "97b7650ab083f7ba23417e6d5d9c1d133b9158e2c10427d1f1e50dfe6c0e7541"
 logic_hash = "358575f55910b060bde94bbc55daa9650a43cf1470b77d1842ddcaa8b299700a"
 score = 75
@@ -85527,8 +85664,8 @@ rule ELASTIC_Linux_Trojan_Getshell_213D4D69 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "05fc4dcce9e9e1e627ebf051a190bd1f73bc83d876c78c6b3d86fc97b0dfd8e8"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Getshell.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Getshell.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "2075def88b31ac32e44c270ab20273c8b91f37e25a837c0353f76bcf431cdcb3"
 score = 75
 quality = 75
@@ -85555,8 +85692,8 @@ rule ELASTIC_Linux_Trojan_Getshell_3Cf5480B : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "0e41c0d6286fb7cd3288892286548eaebf67c16f1a50a69924f39127eb73ff38"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Getshell.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Getshell.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "87b0db74e81d4f236b11f51a72fba2e4263c988402292b2182d19293858c6126"
 score = 75
 quality = 75
@@ -85583,8 +85720,8 @@ rule ELASTIC_Linux_Trojan_Getshell_8A79B859 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "1154ba394176730e51c7c7094ff3274e9f68aaa2ed323040a94e1c6f7fb976a2"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Getshell.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Getshell.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "2aa3914ec4cc04e5daa2da1460410b4f0e5e7a37c5a2eae5a02ff5f55382f1fe"
 score = 75
 quality = 75
@@ -85611,8 +85748,8 @@ rule ELASTIC_Linux_Rootkit_Arkd_Bbd56917 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Rootkit_Arkd.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Rootkit_Arkd.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e0765f0e90839b551778214c2f9ae567dd44838516a3df2c73396a488227a600"
 logic_hash = "5e1ce9c37d92222e21b43f9e5f3275a70c6e8eb541c3762f9382c5d5c72fb50d"
 score = 75
@@ -85640,8 +85777,8 @@ rule ELASTIC_Windows_Trojan_Carberp_D6De82Ae : FILE MEMORY
 date = "2021-02-07"
 modified = "2021-08-23"
 reference = "https://github.com/m0n0ph1/malware-1/blob/master/Carberp%20Botnet/source%20-%20absource/pro/all%20source/hvnc_dll/HVNC%20Lib/vnc/xvnc.h#L342"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Carberp.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Carberp.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f98fadb6feab71930bd5c08e85153898d686cc96c84fe349c00bf6d482de9b53"
 logic_hash = "085020755c77b299b2bfd18b34af6c68450c29de67b8ae32ddf2b26299b923ae"
 score = 75
@@ -85671,8 +85808,8 @@ rule ELASTIC_Windows_Ransomware_Avoslocker_7Ae4D4F2 : FILE MEMORY
 date = "2021-07-28"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Avoslocker.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Avoslocker.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "43b7a60c0ef8b4af001f45a0c57410b7374b1d75a6811e0dfc86e4d60f503856"
 logic_hash = "c87faf6f128fd6a8cabd68ec8de72fb10e6be42bdbe23ece374dd8f3cf0c1b15"
 score = 75
@@ -85704,8 +85841,8 @@ rule ELASTIC_Linux_Exploit_Abrox_5641Ba81 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Abrox.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Abrox.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8de96c8e61536cae870f4a24127d28b86bd8122428bf13965c596f92182625aa"
 logic_hash = "29c894720c8d9134623427768ab1ab3d5e66fbeae86dd957f449d00091db9019"
 score = 75
@@ -85733,8 +85870,8 @@ rule ELASTIC_Windows_Vulndriver_BSMI_65223B8D : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_BSMI.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_BSMI.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "59626cac380d8fe0b80a6d4c4406d62ba0683a2f0f68d50ad506ca1b1cf25347"
 logic_hash = "c4fa65bbd9d374092137b65209f29744caeb8b04fbd364b1acc67b73c45604e8"
 score = 75
@@ -85764,8 +85901,8 @@ rule ELASTIC_Linux_Trojan_Pnscan_20E34E35 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Pnscan.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Pnscan.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7dbd5b709f16296ba7dac66dc35b9c3373cf88452396d79d0c92d7502c1b0005"
 logic_hash = "1e69ef50d25ffd0f38ed0eb81ab3295822aa183c5e06f307caf02826b1dfa011"
 score = 75
@@ -85793,8 +85930,8 @@ rule ELASTIC_Windows_Trojan_Snakekeylogger_Af3Faa65 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_SnakeKeylogger.yar#L1-L32"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_SnakeKeylogger.yar#L1-L32"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "54180a642d40b5366f1b400c347c25dc31397d662d6bb8af33c7d2319c97d3fb"
 score = 75
 quality = 73
@@ -85835,8 +85972,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_E4874Cd4 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ddostf.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ddostf.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1015b9aef1f749dfc31eb33528c4a4169035b6d73542e068b617965d3e948ef2"
 logic_hash = "1523fe8f7bbbc7e42f8c2efe5b28dd381007846a1ba7078a6f1a30aedace884b"
 score = 75
@@ -85864,8 +86001,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_32C35334 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ddostf.yar#L21-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ddostf.yar#L21-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "d62d450d48756c09f8788b27301de889c864e597924a0526a325fa602f91f376"
 score = 75
 quality = 75
@@ -85892,8 +86029,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_6Dc1Caab : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ddostf.yar#L40-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ddostf.yar#L40-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f4587bd45e57d4106ebe502d2eaa1d97fd68613095234038d67490e74c62ba70"
 logic_hash = "fd70960ed6e06f4d152bbd211fbe491dad596010da12cd53c93b577b551b8053"
 score = 75
@@ -85921,8 +86058,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_Dc47A873 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ddostf.yar#L60-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ddostf.yar#L60-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1015b9aef1f749dfc31eb33528c4a4169035b6d73542e068b617965d3e948ef2"
 logic_hash = "2f5bd9e012fd778388074cf29b56c7cd59391840f994835d087b7b661445d316"
 score = 75
@@ -85950,8 +86087,8 @@ rule ELASTIC_Linux_Trojan_Ddostf_Cb0358A0 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ddostf.yar#L80-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ddostf.yar#L80-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1015b9aef1f749dfc31eb33528c4a4169035b6d73542e068b617965d3e948ef2"
 logic_hash = "1f152b69bf0b2bfa539fdd42c432e456b9efb3766a450333a987313bb12c1826"
 score = 75
@@ -85979,8 +86116,8 @@ rule ELASTIC_Windows_Trojan_STRRAT_A3E48Cd2 : MEMORY
 date = "2024-03-13"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_STRRAT.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_STRRAT.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "97e67ac77d80d26af4897acff2a3f6075e0efe7997a67d8194e799006ed5efc9"
 logic_hash = "32f79695829f703bf9996d212aeb563791aed28e1bbb9f700cb45325fd02db77"
 score = 75
@@ -86009,8 +86146,8 @@ rule ELASTIC_Windows_Vulndriver_Atillk_18316Dd9 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Atillk.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Atillk.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ad40e6d0f77c0e579fb87c5106bf6de3d1a9f30ee2fbf8c9c011f377fa05f173"
 logic_hash = "02d218d0a0ea447e4ad0b03bff50c307ca5f36b8ed268787cd73c88a05aa4214"
 score = 75
@@ -86040,8 +86177,8 @@ rule ELASTIC_Windows_Hacktool_Sharpdump_7C17D8B1 : FILE MEMORY
 date = "2022-10-20"
 modified = "2022-11-24"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_SharpDump.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_SharpDump.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "14c3ea569a1bd9ac3aced4f8dd58314532dbf974bfa359979e6c7b6a4bbf41ca"
 logic_hash = "10ca29b097d9f1cef27349751e8f1e584ead1056a636224a80f00823ca878c13"
 score = 75
@@ -86073,8 +86210,8 @@ rule ELASTIC_Linux_Trojan_Mech_D30Ec0A0 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mech.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mech.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "710d1a0a8c7eecc6d793933c8a97cec66d284b3687efee7655a2dc31d15c0593"
 logic_hash = "268aeb25d6468412d8123bab5eb2c8bd7704828d0ef3c3d771aa036e374127d7"
 score = 75
@@ -86102,8 +86239,8 @@ rule ELASTIC_Linux_Exploit_CVE_2022_0847_E831C285 : FILE MEMORY CVE_2022_0847
 date = "2022-03-10"
 modified = "2022-03-14"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2022_0847.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2022_0847.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c6b2cef2f2bc04e3ae33e0d368eb39eb5ea38d1bca390df47f7096117c1aecca"
 logic_hash = "e15daf5de9bf66060e373a6e772669eade543ed56bef6b6924a0ee44e59522e1"
 score = 75
@@ -86139,8 +86276,8 @@ rule ELASTIC_Linux_Exploit_Openssl_47C6Fad7 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Openssl.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Openssl.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8024af0931dff24b5444f0b06a27366a776014358aa0b7fc073030958f863ef8"
 logic_hash = "4c60071ecd7b826e692710ae11b09be30e7df5833bcaa8642fea014e12b9abd7"
 score = 75
@@ -86168,8 +86305,8 @@ rule ELASTIC_Linux_Packer_Patched_UPX_62E11C64 : FILE
 date = "2021-06-08"
 modified = "2021-07-28"
 reference = "https://cujo.com/upx-anti-unpacking-techniques-in-iot-malware/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Packer_Patched_UPX.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Packer_Patched_UPX.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "02f81a1e1edcb9032a1d7256a002b11e1e864b2e9989f5d24ea1c9b507895669"
 logic_hash = "cb576fdd59c255234a96397460b81cbb2deeb38befaed101749b7bb515624028"
 score = 75
@@ -86197,8 +86334,8 @@ rule ELASTIC_Windows_Vulndriver_Hpportio_B31E3473 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_HpPortIo.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_HpPortIo.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c5050a2017490fff7aa53c73755982b339ddb0fd7cef2cde32c81bc9834331c5"
 logic_hash = "e449b45f3cf2836254614bbdc957aa7093162fc1acd672edd931d5f240503963"
 score = 75
@@ -86228,8 +86365,8 @@ rule ELASTIC_Linux_Rootkit_Dakkatoni_010D3Ac2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Rootkit_Dakkatoni.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Rootkit_Dakkatoni.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "38b2d033eb5ce87faa4faa7fcac943d9373e432e0d45e741a0c01d714ee9d4d3"
 logic_hash = "51119321f29aed695e09da22d3234eae96db93e8029d4525d018e56c7131f7b8"
 score = 75
@@ -86257,8 +86394,8 @@ rule ELASTIC_Windows_Trojan_Tofsee_26124Fe4 : FILE MEMORY
 date = "2022-03-31"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Tofsee.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Tofsee.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e658fe6d3bd685f41eb0527432099ee01075bfdb523ef5aa3e5ebd42221c8494"
 logic_hash = "e765953dec7c7b2a1fbebf92c2fff46453c8258722ad5ca92ba4c7526a8b0c66"
 score = 75
@@ -86287,8 +86424,8 @@ rule ELASTIC_Windows_Hacktool_Cpulocker_73B41444 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_CpuLocker.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_CpuLocker.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "dbfc90fa2c5dc57899cc75ccb9dc7b102cb4556509cdfecde75b36f602d7da66"
 logic_hash = "8fb33744326781c51bb6bd18d0574602256b813b62ec8344d5338e6442bb2de0"
 score = 75
@@ -86316,8 +86453,8 @@ rule ELASTIC_Windows_Hacktool_Physmem_Cc0978Df : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_PhysMem.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_PhysMem.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c299063e3eae8ddc15839767e83b9808fd43418dc5a1af7e4f44b97ba53fbd3d"
 logic_hash = "e2fabf5889dbdc98dc6942be4fb0de4351d64a06bab945993b2a2c4afe89984e"
 score = 75
@@ -86346,8 +86483,8 @@ rule ELASTIC_Windows_Hacktool_Physmem_B3Fa382B : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_PhysMem.yar#L22-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_PhysMem.yar#L22-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "88df37ede18bea511f1782c1a6c4915690b29591cf2c1bf5f52201fbbb4fa2b9"
 logic_hash = "36a60b78de15a52721ad4830b37daffc33d7689e8b180fe148876da00562273a"
 score = 75
@@ -86375,8 +86512,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_D13544D7 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Malxmr.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Malxmr.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "85fa30ba59602199fd99463acf50bd607e755c2e18cd8843ffcfb6b1aca24bb3"
 logic_hash = "fcb2fc7a84fbcd23f9a9d9fd2750c45ff881689670a373fce0cc444183d11999"
 score = 75
@@ -86404,8 +86541,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Ad09E090 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Malxmr.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Malxmr.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "cdd3d567fbcbdd6799afad241ae29acbe4ab549445e5c4fc0678d16e75b40dfa"
 logic_hash = "6c2d548ba9f01444e8fe4b0aa8a0556970acac06d39bb7c87446b6b91ab0d129"
 score = 75
@@ -86433,8 +86570,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_12299814 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Malxmr.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Malxmr.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "eb3802496bd2fef72bd2a07e32ea753f69f1c2cc0b5a605e480f3bbb80b22676"
 logic_hash = "52e8bcd0512cedf0fa048b6990a5d331f4302d99b00681c83a76587415894b1e"
 score = 75
@@ -86462,8 +86599,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_A47B77E4 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Malxmr.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Malxmr.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "995b43ccb20343494e314824343a567fd85f430e241fdeb43704d9d4937d76cc"
 logic_hash = "bd2b14c8b8e2649af837224fadb32bf0fb67ac403189063a8cb10ad344fb8015"
 score = 75
@@ -86491,8 +86628,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_21D0550B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Malxmr.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Malxmr.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "07db41a4ddaac802b04df5e5bbae0881fead30cb8f6fa53a8a2e1edf14f2d36b"
 logic_hash = "c9a12eee281b1e944b5572142c5e18ff087989f45026a94268df22d483210178"
 score = 75
@@ -86520,8 +86657,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_C8Adb449 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Malxmr.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Malxmr.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "00ec7a6e9611b5c0e26c148ae5ebfedc57cf52b21e93c2fe3eac85bf88edc7ea"
 logic_hash = "9c43602dc752dd737a983874bee5ec6af145ce5fdd45d03864a1afdc2aec3ad4"
 score = 75
@@ -86549,8 +86686,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Bcab1E8F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Malxmr.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Malxmr.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "19df7fd22051abe3f782432398ea30f8be88cf42ef14bc301b1676f35b37cd7e"
 logic_hash = "72643b2860f40c7e901c671d7cc9992870b91912df5d75d2ffba0dfb8684f8d3"
 score = 75
@@ -86578,8 +86715,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_6671F33A : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Malxmr.yar#L141-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Malxmr.yar#L141-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "85fa30ba59602199fd99463acf50bd607e755c2e18cd8843ffcfb6b1aca24bb3"
 logic_hash = "a15c842c7c7ec3b11183a1502f8ec03ea786e3f0d47fbab58c62ffff7b018030"
 score = 75
@@ -86607,8 +86744,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_74418Ec5 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Malxmr.yar#L161-L179"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Malxmr.yar#L161-L179"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d79ad967ac9fc0b1b6d54e844de60d7ba3eaad673ee69d30f9f804e5ccbf2880"
 logic_hash = "e74463f53611baaec7c8e126218d8353c6e3a5e71c20e98a7035df6b771b690b"
 score = 75
@@ -86636,8 +86773,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_979160F6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Malxmr.yar#L181-L198"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Malxmr.yar#L181-L198"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "e70097fb263c90576e87e76cc7be391dbf9c9d73bbd7fb8e5ec282e6ac1f648d"
 score = 75
 quality = 75
@@ -86664,8 +86801,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Fe7139E5 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Malxmr.yar#L200-L218"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Malxmr.yar#L200-L218"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8b13dc59db58b6c4cd51abf9c1d6f350fa2cb0dbb44b387d3e171eacc82a04de"
 logic_hash = "d1ef74f2a74950845091b2ebc2f7fd05980bcbd2aea4fdd9549c54cec1768501"
 score = 75
@@ -86693,8 +86830,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_F35A670C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Malxmr.yar#L220-L238"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Malxmr.yar#L220-L238"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a73808211ba00b92f8d0027831b3aa74db15f068c53dd7f20fcadb294224f480"
 logic_hash = "95a8aeffb7193c3f4adfea5b7f0741a53528620c57cbdb4d471d756db03c6493"
 score = 75
@@ -86722,8 +86859,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_70E5946E : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Malxmr.yar#L240-L258"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Malxmr.yar#L240-L258"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2c2729395805fc9d3c1e654c9a065bbafc4f28d8ab235afaae8d2c484060596b"
 logic_hash = "324deafee2b14c125100e49b90ea95bc1fc55020a7e81a69c7730a57430560f4"
 score = 75
@@ -86751,8 +86888,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_033F06Dd : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Malxmr.yar#L260-L278"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Malxmr.yar#L260-L278"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3afc8d2d85aca61108d21f82355ad813eba7a189e81dde263d318988c5ea50bd"
 logic_hash = "a0c788dbcd43cab2af1614d5d90ed9e07a45b547241f729e09709d2a1ec24e60"
 score = 75
@@ -86780,8 +86917,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Ce0C185F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Malxmr.yar#L280-L298"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Malxmr.yar#L280-L298"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "cdd3d567fbcbdd6799afad241ae29acbe4ab549445e5c4fc0678d16e75b40dfa"
 logic_hash = "f88c5a295cc62f5a91e26731fc60aaf450376cbb282f43304ba2a5ac5d149dd4"
 score = 75
@@ -86809,8 +86946,8 @@ rule ELASTIC_Linux_Cryptominer_Malxmr_Da08E491 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Malxmr.yar#L300-L318"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Malxmr.yar#L300-L318"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4638d9ece32cd1385121146378772d487666548066aecd7e40c3ba5231f54cc0"
 logic_hash = "f98252c33f8d76981bbc51de87a11a7edca7292a864fc2a305d29cd21961729e"
 score = 75
@@ -86838,8 +86975,8 @@ rule ELASTIC_Windows_Trojan_Revcoderat_8E6D4182 : FILE MEMORY
 date = "2021-09-02"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Revcoderat.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Revcoderat.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "77732e74850050bb6f935945e510d32a0499d820fa1197752df8bd01c66e8210"
 logic_hash = "35626d752b291e343350534aece35f1d875068c2c050d12312a60e67753c71e1"
 score = 75
@@ -86870,8 +87007,8 @@ rule ELASTIC_Windows_Trojan_Warmcookie_7D32Fa90 : FILE MEMORY
 date = "2024-04-29"
 modified = "2024-05-08"
 reference = "https://www.elastic.co/security-labs/dipping-into-danger"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_WarmCookie.yar#L1-L32"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_WarmCookie.yar#L1-L32"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ccde1ded028948f5cd3277d2d4af6b22fa33f53abde84ea2aa01f1872fad1d13"
 logic_hash = "ed3be6e5c6127ef87f9ef6fe35b17815b96706e8e73a393ee9b0a8e3b0cd8f66"
 score = 75
@@ -86911,8 +87048,8 @@ rule ELASTIC_Windows_Hacktool_Dcsyncer_425579C5 : FILE MEMORY
 date = "2021-09-15"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_Dcsyncer.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_Dcsyncer.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "af7dbc84efeb186006d75d095f54a266f59e6b2348d0c20591da16ae7b7d509a"
 logic_hash = "b0330adf1d4420ddf1f302974d2e4179f52ab1c8dc2f294ddf52286d714e0463"
 score = 75
@@ -86944,8 +87081,8 @@ rule ELASTIC_Windows_Vulndriver_Asrock_986D2D3C : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Asrock.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Asrock.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3943a796cc7c5352aa57ccf544295bfd6fb69aae147bc8235a00202dc6ed6838"
 logic_hash = "d767a1ecdff557753f80ac9d73f02364dd035f7a287d0f260316f807364af2d5"
 score = 75
@@ -86973,8 +87110,8 @@ rule ELASTIC_Windows_Vulndriver_Asrock_Cdf192F9 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Asrock.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Asrock.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2003b478b9fd1b3d76ec5bf4172c2e8915babbbee7ad1783794acbf8d4c2519d"
 logic_hash = "2f844b6d3fa19fd39097395175162578ad71d78c61dad104efd320cd8285fa6b"
 score = 75
@@ -87002,8 +87139,8 @@ rule ELASTIC_Windows_Vulndriver_Asrock_0Eca57Dc : FILE
 date = "2023-07-20"
 modified = "2023-07-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Asrock.yar#L41-L62"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Asrock.yar#L41-L62"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9d9346e6f46f831e263385a9bd32428e01919cca26a035bbb8e9cb00bf410bc3"
 hash = "a0728184caead84f2e88777d833765f2d8af6a20aad77b426e07e76ef91f5c3f"
 logic_hash = "82a0cba571dc58ed8d3fd87d3650ec0c1016e6c8e972547f6120ba91c8febce1"
@@ -87034,8 +87171,8 @@ rule ELASTIC_Windows_Trojan_Dcrat_1Aeea1Ac : FILE MEMORY
 date = "2022-01-15"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_DCRat.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_DCRat.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "6163e04a40ed52d5e94662131511c3ae08d473719c364e0f7de60dff7fa92cf7"
 score = 75
 quality = 75
@@ -87068,8 +87205,8 @@ rule ELASTIC_Windows_Trojan_Fabookie_024F8759 : FILE MEMORY
 date = "2023-06-22"
 modified = "2023-07-10"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Fabookie.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Fabookie.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6c6345c6f0a5beadc4616170c87ec8a577de185d53345581e1b00e72af24c13e"
 logic_hash = "9477406b718c6489161cf4636be66c4f72df923b9c5a7ee4069ef6a9552de485"
 score = 75
@@ -87098,8 +87235,8 @@ rule ELASTIC_Windows_Trojan_Zloader_5Dd0A0Bf : FILE MEMORY
 date = "2022-03-03"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Zloader.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Zloader.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "161e657587361b29cdb883a6836566a946d9d3e5175e166a9fe54981d0c667fa"
 logic_hash = "1446a4147e1b06fa66907de857011079c55a8e6bf84276eb8518d33468ba1f83"
 score = 75
@@ -87127,8 +87264,8 @@ rule ELASTIC_Windows_Trojan_Zloader_4Fe0F7F1 : FILE MEMORY
 date = "2022-03-03"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Zloader.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Zloader.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "161e657587361b29cdb883a6836566a946d9d3e5175e166a9fe54981d0c667fa"
 logic_hash = "b20fafc9db08c7668b49e18f45632594c3a69ec65fe865e79379c544fc424f8d"
 score = 75
@@ -87156,8 +87293,8 @@ rule ELASTIC_Windows_Trojan_Zloader_363C65Ed : FILE MEMORY
 date = "2022-03-03"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Zloader.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Zloader.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "161e657587361b29cdb883a6836566a946d9d3e5175e166a9fe54981d0c667fa"
 logic_hash = "d3c530f9929db709067a9e1cc59b9cda9dcd8e19352c79ddaf7af6c91b242afd"
 score = 75
@@ -87185,8 +87322,8 @@ rule ELASTIC_Windows_Trojan_Zloader_79535191 : FILE MEMORY
 date = "2022-03-03"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Zloader.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Zloader.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "161e657587361b29cdb883a6836566a946d9d3e5175e166a9fe54981d0c667fa"
 logic_hash = "c398a8ca46c6fe3e59481a092867be77a94809b1568cea918aa6450374063857"
 score = 75
@@ -87214,8 +87351,8 @@ rule ELASTIC_Windows_Vulndriver_Zam_928812A7 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Zam.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Zam.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91"
 logic_hash = "82ca874d60d8a0ee04aca39f59415f22797e7e0337314c88dd8ebad1a823d200"
 score = 75
@@ -87244,8 +87381,8 @@ rule ELASTIC_Windows_Ransomware_Whispergate_C80F3B4B : FILE MEMORY
 date = "2022-01-17"
 modified = "2022-01-17"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_WhisperGate.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_WhisperGate.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92"
 logic_hash = "04452141a867d4f6fce618c21795cc142a1265b56c62ecb9e579003d36b4b2b9"
 score = 75
@@ -87274,8 +87411,8 @@ rule ELASTIC_Windows_Ransomware_Whispergate_3476008E : FILE MEMORY
 date = "2022-01-18"
 modified = "2022-01-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_WhisperGate.yar#L22-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_WhisperGate.yar#L22-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9ef7dbd3da51332a78eff19146d21c82957821e464e8133e9594a07d716d892d"
 logic_hash = "729818df1b6b82fc00eba0fe1c9139ec4746e1775146ab7fdea9e25dec1cddea"
 score = 75
@@ -87306,8 +87443,8 @@ rule ELASTIC_Linux_Hacktool_Earthworm_4De7B584 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Earthworm.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Earthworm.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9d61aabcf935121b4f7fc6b0d082d7d6c31cb43bf253a8603dd46435e66b7955"
 logic_hash = "019b2504df192e673f96a86464bb5e8ba5e89190e51bfe7d702753f76c00b979"
 score = 75
@@ -87335,8 +87472,8 @@ rule ELASTIC_Linux_Hacktool_Earthworm_E3Da43E2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Earthworm.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Earthworm.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "da0cffc4222d11825778fe4fa985fef2945caa0cc3b4de26af0a06509ebafb21"
 logic_hash = "b129b7060b6af4ff2aae2678a455b969579132891fba44e4fdc2481a5437bdf9"
 score = 60
@@ -87364,8 +87501,8 @@ rule ELASTIC_Linux_Hacktool_Earthworm_82D5C4Cf : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Earthworm.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Earthworm.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "dc412d4f2b0e9ca92063a47adfb0657507d3f2a54a415619db5a7ccb59afb204"
 logic_hash = "81f35293bd3dd0cfbbf67f036773e16625bb74e06320fa1fff5bc428ef2f3a43"
 score = 60
@@ -87393,8 +87530,8 @@ rule ELASTIC_Linux_Hacktool_Earthworm_4Ec2Ec63 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Earthworm.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Earthworm.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "dc412d4f2b0e9ca92063a47adfb0657507d3f2a54a415619db5a7ccb59afb204"
 logic_hash = "25f616c5440a48aef0f824cb6859e88787db4f42c1ec904a3d3bd72f3a64116e"
 score = 75
@@ -87422,8 +87559,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_8Bd3002C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ngioweb.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ngioweb.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5480bc02aeebd3062e6d19e50a5540536ce140d950327cce937ff7e71ebd15e2"
 logic_hash = "578fd1c3e6091df9550b3c2caf999d7a0432f037b0cc4b15642531e7fdffd7b7"
 score = 75
@@ -87451,8 +87588,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_A592A280 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ngioweb.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ngioweb.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5480bc02aeebd3062e6d19e50a5540536ce140d950327cce937ff7e71ebd15e2"
 logic_hash = "b16cf5b527782680cc1da6f61dd537596792fed615993b19965ef2dbde701e64"
 score = 75
@@ -87480,8 +87617,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_D57Aa841 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ngioweb.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ngioweb.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "555d60bd863caff231700c5f606d0034d5aa8362862d1fd0c816615d59f582f7"
 logic_hash = "b0db72ad81d27f5b2ac2d2bb903ff10849c304d40619fd95a39e7d48c64c45ba"
 score = 75
@@ -87509,8 +87646,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_B97E0253 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ngioweb.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ngioweb.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5480bc02aeebd3062e6d19e50a5540536ce140d950327cce937ff7e71ebd15e2"
 logic_hash = "dc11d50166a4d1b400c0df81295054192d42822dd3e065e374a92a31727d4dbd"
 score = 75
@@ -87538,8 +87675,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_66C465A0 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ngioweb.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ngioweb.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7454ee074812d7fa49044de8190e17b5034b3f08625f547d1b04aae4054fd81a"
 logic_hash = "71f224e3ee1ff29787258a61f29a37a9ddc51e9cb5df0693ea52fd4b6f0b5ad8"
 score = 75
@@ -87567,8 +87704,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_D8573802 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ngioweb.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ngioweb.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7454ee074812d7fa49044de8190e17b5034b3f08625f547d1b04aae4054fd81a"
 logic_hash = "b51ab7a7c26e889a4e8efc2b9883f709c17d82032b0c28ab3e30229d6f296367"
 score = 75
@@ -87596,8 +87733,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_7926Bc8E : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ngioweb.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ngioweb.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "555d60bd863caff231700c5f606d0034d5aa8362862d1fd0c816615d59f582f7"
 logic_hash = "ac42dd714696825d64402861e96122cce7cd09ae8d9c43a19dd9cf95d7b09610"
 score = 75
@@ -87625,8 +87762,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_E2377400 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ngioweb.yar#L141-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ngioweb.yar#L141-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b88daf00a0e890b6750e691856b0fe7428d90d417d9503f62a917053e340228b"
 logic_hash = "71276698d1bdb9bc494fe6f1aa9755940583331836abc490e0b5ac3454d35de6"
 score = 75
@@ -87654,8 +87791,8 @@ rule ELASTIC_Linux_Trojan_Ngioweb_994F1E97 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ngioweb.yar#L161-L178"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ngioweb.yar#L161-L178"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "2384e787877b622445d7d14053a8340d2e97d3ab103a3fabfa08a40068726ad0"
 score = 75
 quality = 75
@@ -87682,8 +87819,8 @@ rule ELASTIC_Macos_Hacktool_Jokerspy_58A6B26D : FILE MEMORY
 date = "2023-06-19"
 modified = "2023-06-19"
 reference = "https://www.elastic.co/security-labs/inital-research-of-jokerspy"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Macos_Hacktool_JokerSpy.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Macos_Hacktool_JokerSpy.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d895075057e491b34b0f8c0392b44e43ade425d19eaaacea6ef8c5c9bd3487d8"
 logic_hash = "e9e1333c7172d5a0f06093a902edefd7f128963dbaadf77e829f032ccb04ce56"
 score = 75
@@ -87716,8 +87853,8 @@ rule ELASTIC_Windows_Trojan_Fickerstealer_Cc02E75E : FILE MEMORY
 date = "2021-07-22"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Fickerstealer.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Fickerstealer.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a4113ccb55e06e783b6cb213647614f039aa7dbb454baa338459ccf37897ebd6"
 logic_hash = "ccfd7edf7625c13eea5b88fa29f9b8d3d873688f328f3e52c0500ac722c84511"
 score = 75
@@ -87746,8 +87883,8 @@ rule ELASTIC_Windows_Trojan_Fickerstealer_F2159Bec : FILE MEMORY
 date = "2021-07-22"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Fickerstealer.yar#L22-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Fickerstealer.yar#L22-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a4113ccb55e06e783b6cb213647614f039aa7dbb454baa338459ccf37897ebd6"
 logic_hash = "d36cb90b526a291858291d615272baa78881309c83376f4d4cce1768c740ddbc"
 score = 75
@@ -87775,8 +87912,8 @@ rule ELASTIC_Linux_Exploit_Race_758A0884 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Race.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Race.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a4966baaa34b05cb782071ef114a53cac164e6dece275c862fe96a2cff4a6f06"
 logic_hash = "ccba0e2ddefd53939cda6b4985def2d487ac5916cbad7374ac3143f02b9f7ff5"
 score = 75
@@ -87804,8 +87941,8 @@ rule ELASTIC_Windows_Trojan_Guloader_8F10Fa66 : FILE MEMORY
 date = "2021-08-17"
 modified = "2021-10-04"
 reference = "https://www.elastic.co/security-labs/getting-gooey-with-guloader-downloader"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Guloader.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Guloader.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a3e2d5013b80cd2346e37460753eca4a4fec3a7941586cc26e049a463277562e"
 logic_hash = "f2cd08f6a32c075dc0294a0e26c51e686babc54ced4faa1873368c8821f0bfef"
 score = 75
@@ -87837,8 +87974,8 @@ rule ELASTIC_Windows_Trojan_Guloader_C4D9Dd33 : FILE MEMORY
 date = "2021-08-17"
 modified = "2021-10-04"
 reference = "https://www.elastic.co/security-labs/getting-gooey-with-guloader-downloader"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Guloader.yar#L26-L45"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Guloader.yar#L26-L45"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a3e2d5013b80cd2346e37460753eca4a4fec3a7941586cc26e049a463277562e"
 logic_hash = "623ea751fc32648720bda40598024d4d5b6a9a11b3cce3c9427310ba17745643"
 score = 75
@@ -87866,8 +88003,8 @@ rule ELASTIC_Windows_Trojan_Guloader_2F1E44C8 : FILE MEMORY
 date = "2023-10-30"
 modified = "2023-11-02"
 reference = "https://www.elastic.co/security-labs/getting-gooey-with-guloader-downloader"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Guloader.yar#L47-L70"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Guloader.yar#L47-L70"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6ae7089aa6beaa09b1c3aa3ecf28a884d8ca84f780aab39902223721493b1f99"
 logic_hash = "434b33c3fdc6bf4b0f59cd4aba66327d0b7ab524be603b256494d46b609cecd5"
 score = 75
@@ -87899,8 +88036,8 @@ rule ELASTIC_Multi_EICAR_Ac8F42D6 : FILE MEMORY
 date = "2021-01-21"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Multi_EICAR.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Multi_EICAR.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "05c92058aab1229dfa31e006276c2c83fa484e813bdfe66edf387763797d9d57"
 score = 75
 quality = 25
@@ -87927,8 +88064,8 @@ rule ELASTIC_Windows_Trojan_Jesterstealer_B35C6F4B : FILE MEMORY
 date = "2022-02-28"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_JesterStealer.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_JesterStealer.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "10c3846867f70dd26c5a54332ed22070c9e5e0e4f52f05fdae12ead801f7933b"
 logic_hash = "acc49348267e963af9ff6ba7afa053d4056d4068b4386a872e33e025790ba759"
 score = 75
@@ -87962,8 +88099,8 @@ rule ELASTIC_Windows_Trojan_Jesterstealer_8F657F58 : FILE MEMORY
 date = "2022-02-28"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_JesterStealer.yar#L27-L45"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_JesterStealer.yar#L27-L45"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "10c3846867f70dd26c5a54332ed22070c9e5e0e4f52f05fdae12ead801f7933b"
 logic_hash = "20a0d8be9c25d50d4dddd455ecb9739f772f57e988855c7fc2df597b2f67585b"
 score = 75
@@ -87991,8 +88128,8 @@ rule ELASTIC_Windows_Trojan_Njrat_30F3C220 : FILE MEMORY
 date = "2021-06-13"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Njrat.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Njrat.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b"
 logic_hash = "76347165829415646f943bb984cd17ca138cf238d03f114c498dbcec081d5ae3"
 score = 75
@@ -88025,8 +88162,8 @@ rule ELASTIC_Windows_Trojan_Njrat_Eb2698D2 : FILE MEMORY
 date = "2023-05-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Njrat.yar#L26-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Njrat.yar#L26-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d537397bc41f0a1cb964fa7be6658add5fe58d929ac91500fc7770c116d49608"
 logic_hash = "c32a641f2d639f56a8137b3e0d0be3261fba30084eeba9d1205974713413af9f"
 score = 75
@@ -88054,8 +88191,8 @@ rule ELASTIC_Linux_Trojan_Bish_974B4B47 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Bish.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Bish.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9171fd2bbe182f0a3cd35937f3ee0076c9358f52f5bc047498dd9e233ae11757"
 logic_hash = "c5a7d036c89fe50626da51486d19ee731ad28cbc8d36def075d8f33a7b68961f"
 score = 75
@@ -88083,8 +88220,8 @@ rule ELASTIC_Windows_Virus_Expiro_84E99Ff0 : FILE MEMORY
 date = "2023-09-26"
 modified = "2023-11-02"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Virus_Expiro.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Virus_Expiro.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "47107836ead700bddbe9e8a0c016b5b1443c785442b2addbb50a70445779bad7"
 logic_hash = "ce4847bf5850c1f30dca9603bfbbfbb69339285f096ac469c6d2d4b04f5562b4"
 score = 75
@@ -88113,8 +88250,8 @@ rule ELASTIC_Windows_Trojan_Siestagraph_8C36Ddc1 : FILE MEMORY
 date = "2022-12-14"
 modified = "2022-12-15"
 reference = "https://www.elastic.co/security-labs/siestagraph-new-implant-uncovered-in-asean-member-foreign-ministry"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_SiestaGraph.yar#L1-L28"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_SiestaGraph.yar#L1-L28"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "50c2f1bb99d742d8ae0ad7c049362b0e62d2d219b610dcf25ba50c303ccfef54"
 logic_hash = "17ce8090b88100f00c07df0599cd51dc7682f4c43de989ce58621df97eca42fb"
 score = 75
@@ -88150,8 +88287,8 @@ rule ELASTIC_Windows_Trojan_Siestagraph_Ad3Fe5C6 : FILE MEMORY
 date = "2023-09-12"
 modified = "2023-09-20"
 reference = "https://www.elastic.co/security-labs/siestagraph-new-implant-uncovered-in-asean-member-foreign-ministry"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_SiestaGraph.yar#L30-L56"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_SiestaGraph.yar#L30-L56"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "fe8f99445ad139160a47b109a8f3291eef9c6a23b4869c48d341380d608ed4cb"
 logic_hash = "b625221b77803c2c052db09c90a76666cf9e0ae34cb0d59ae303e890e646e94b"
 score = 75
@@ -88186,8 +88323,8 @@ rule ELASTIC_Windows_Trojan_Siestagraph_D801Ce71 : FILE MEMORY
 date = "2023-09-12"
 modified = "2023-09-20"
 reference = "https://www.elastic.co/security-labs/siestagraph-new-implant-uncovered-in-asean-member-foreign-ministry"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_SiestaGraph.yar#L58-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_SiestaGraph.yar#L58-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "fe8f99445ad139160a47b109a8f3291eef9c6a23b4869c48d341380d608ed4cb"
 logic_hash = "c2d00d64d69cb5d24d76f6c551b49aa1acef1e1bab96f7ed7facc148244a8370"
 score = 75
@@ -88217,8 +88354,8 @@ rule ELASTIC_Multi_Trojan_Merlin_32643F4C : FILE MEMORY
 date = "2024-03-01"
 modified = "2024-05-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Multi_Trojan_Merlin.yar#L1-L28"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Multi_Trojan_Merlin.yar#L1-L28"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "84b988c4656677bc021e23df2a81258212d9ceba13be204867ac1d9d706404e2"
 logic_hash = "7de2deec0e2c7fd3ce2b42762f88bfe87cb4ffb02b697953aa1716425d6f1612"
 score = 75
@@ -88255,8 +88392,8 @@ rule ELASTIC_Windows_Trojan_Zeus_E51C60D7 : FILE MEMORY
 date = "2021-02-07"
 modified = "2021-10-04"
 reference = "https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Zeus.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Zeus.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3"
 logic_hash = "cde738f95dbad1fbad59e20528b2f577e5e3ee5fcb37c68a45d53c689d2af525"
 score = 75
@@ -88289,8 +88426,8 @@ rule ELASTIC_Windows_Vulndriver_Powerprofiler_2Eedff78 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_PowerProfiler.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_PowerProfiler.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0af5ccb3d33a9ba92071c9637be6254030d61998733a5eb3583e865e17844e05"
 logic_hash = "c4a7ae2ffdf70984cea5b543af93b202c78b6108da1e442186d24071b44d6259"
 score = 75
@@ -88320,8 +88457,8 @@ rule ELASTIC_Windows_Trojan_Pikabot_8C6750B5 : FILE MEMORY
 date = "2023-06-05"
 modified = "2023-06-19"
 reference = "https://www.elastic.co/security-labs/pikabot-i-choose-you"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_PikaBot.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_PikaBot.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "59f42ecde152f78731e54ea27e761bba748c9309a6ad1c2fd17f0e8b90f8aed1"
 logic_hash = "03e36f927513625d1dd997c79843b1b14e344e8411155740213d7aff9794c5c6"
 score = 75
@@ -88354,8 +88491,8 @@ rule ELASTIC_Windows_Trojan_Pikabot_5B220E9C : FILE MEMORY
 date = "2024-02-06"
 modified = "2024-02-08"
 reference = "https://www.elastic.co/security-labs/pikabot-i-choose-you"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_PikaBot.yar#L27-L52"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_PikaBot.yar#L27-L52"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d836b06b0118e6d258e318b1cfdc509cacc0859c6a6b3d7c5f4d2525e00d97b2"
 logic_hash = "1d2158716b7c32734f12f8528352a3872e21fea2f9b21a36d6ac44fcd50a9f3c"
 score = 75
@@ -88389,8 +88526,8 @@ rule ELASTIC_Windows_Trojan_Pikabot_5441F511 : FILE MEMORY
 date = "2024-02-15"
 modified = "2024-02-21"
 reference = "https://www.elastic.co/security-labs/pikabot-i-choose-you"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_PikaBot.yar#L54-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_PikaBot.yar#L54-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "fa44408874c6a007212dfc206cbecbac7a3e50df94da4ce02de2e04e9119c79f"
 score = 75
 quality = 75
@@ -88423,8 +88560,8 @@ rule ELASTIC_Windows_Trojan_Pikabot_95Db8B5A : FILE MEMORY
 date = "2024-02-15"
 modified = "2024-02-21"
 reference = "https://www.elastic.co/security-labs/pikabot-i-choose-you"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_PikaBot.yar#L80-L103"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_PikaBot.yar#L80-L103"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "74073ceae1b26b953b7644d56a2ec92993b83802a30ce82c6921df5448ebab06"
 score = 75
 quality = 75
@@ -88456,8 +88593,8 @@ rule ELASTIC_Macos_Creddump_Keychainaccess_535C1511 : FILE MEMORY
 date = "2023-04-11"
 modified = "2024-01-30"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Creddump_KeychainAccess.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Creddump_KeychainAccess.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "5234dcab6c9ca994c3d40243d882bd50e51fd77bba107e37ef494a04f6bf6112"
 score = 75
 quality = 49
@@ -88491,8 +88628,8 @@ rule ELASTIC_Windows_Exploit_Log4J_Dbac7698 : FILE MEMORY
 date = "2021-12-13"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Exploit_Log4j.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Exploit_Log4j.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "b09d8dd9c422e7eb8aa23f8b1204d31fd290252925099300d6d19d73e562ca5e"
 score = 75
 quality = 75
@@ -88525,8 +88662,8 @@ rule ELASTIC_Windows_Vulndriver_Gdrv_5368078B : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_GDrv.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_GDrv.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427"
 logic_hash = "f4d43ac4a4b6d879ffb5ba637b38ec75c8b57f531db644015c1a71c2cdea45d5"
 score = 75
@@ -88556,8 +88693,8 @@ rule ELASTIC_Windows_Ransomware_Lockbit_89E64044 : FILE MEMORY
 date = "2021-08-06"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Lockbit.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Lockbit.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0d6524b9a1d709ecd9f19f75fa78d94096e039b3d4592d13e8dbddf99867182d"
 logic_hash = "bd504b078704b9f307a50c8556c143eee061015a9727670137aadc47ae93e2a6"
 score = 75
@@ -88587,8 +88724,8 @@ rule ELASTIC_Windows_Ransomware_Lockbit_A1C60939 : FILE MEMORY
 date = "2021-08-06"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Lockbit.yar#L23-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Lockbit.yar#L23-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0d6524b9a1d709ecd9f19f75fa78d94096e039b3d4592d13e8dbddf99867182d"
 logic_hash = "6e6d88251e93f69788ad22fc915133f3ba0267984d6a5004d5ca44dcd9f5f052"
 score = 75
@@ -88616,8 +88753,8 @@ rule ELASTIC_Windows_Ransomware_Lockbit_369E1E94 : FILE MEMORY
 date = "2022-07-05"
 modified = "2022-07-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Lockbit.yar#L43-L67"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Lockbit.yar#L43-L67"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee"
 logic_hash = "c34dafc024d85902b85fc3424573abb8781d6fab58edd86c255266db3635ce98"
 score = 75
@@ -88651,8 +88788,8 @@ rule ELASTIC_Linux_Trojan_Rotajakiro_Fb24F399 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "023a7f9ed082d9dd7be6eba5942bfa77f8e618c2d15a8bc384d85223c5b91a0c"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Rotajakiro.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Rotajakiro.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "be33fdda50ef0ea1a0cf45835cc2b7a805cecb3fff371ed6d93e01c2d477d867"
 score = 75
 quality = 75
@@ -88679,8 +88816,8 @@ rule ELASTIC_Windows_Trojan_Havoc_77F3D40E : FILE MEMORY
 date = "2022-10-20"
 modified = "2022-11-24"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Havoc.yar#L1-L35"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Havoc.yar#L1-L35"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3427dac129b760a03f2c40590c01065c9bf2340d2dfa4a4a7cf4830a02e95879"
 logic_hash = "3d2733ed24d90e9e851ec36a08c497e9c90b47c3dcbb8755e3f6b6a6bd3a8b54"
 score = 75
@@ -88724,8 +88861,8 @@ rule ELASTIC_Windows_Trojan_Havoc_9C7Bb863 : FILE MEMORY
 date = "2023-04-28"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Havoc.yar#L37-L56"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Havoc.yar#L37-L56"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "261b92d9e8dcb9d0abf1627b791831ec89779f2b7973b1926c6ec9691288dd57"
 logic_hash = "c1245c38c54b0a72fb335680d9ea191390e4e2fe7e47a3ed776878c5e01a3e16"
 score = 75
@@ -88754,8 +88891,8 @@ rule ELASTIC_Windows_Trojan_Havoc_88053562 : FILE MEMORY
 date = "2024-01-04"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Havoc.yar#L58-L76"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Havoc.yar#L58-L76"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2f0b59f8220edd0d34fba92905faf0b51aead95d53be8b5f022eed7e21bdb4af"
 logic_hash = "f79b39cc2ca4bbf6ad4b6585a9914a75797110d6fb68bcb7141c5c3d0429c412"
 score = 75
@@ -88783,8 +88920,8 @@ rule ELASTIC_Windows_Trojan_Havoc_Ffecc8Af : FILE MEMORY
 date = "2024-04-29"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Havoc.yar#L78-L107"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Havoc.yar#L78-L107"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "495d323651c252e38814b77b9c6c913b9489e769252ac8bbaf8432f15e0efe44"
 logic_hash = "c9da6215db1de91a6cd52dd6558dc5a60bbd69abc6fa0db8714f001cdae20ddb"
 score = 75
@@ -88823,8 +88960,8 @@ rule ELASTIC_Macos_Hacktool_Swiftbelt_Bc62Ede6 : FILE MEMORY
 date = "2021-10-12"
 modified = "2021-10-25"
 reference = "https://www.elastic.co/security-labs/inital-research-of-jokerspy"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Hacktool_Swiftbelt.yar#L1-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Hacktool_Swiftbelt.yar#L1-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "452c832a17436f61ad5f32ee1c97db05575160105ed1dcd0d3c6db9fb5a9aea1"
 logic_hash = "51481baa6ddb09cf8463d989637319cb26b23fef625cc1a44c96d438c77362ca"
 score = 75
@@ -88876,8 +89013,8 @@ rule ELASTIC_Linux_Ransomware_Noescape_6De58E0C : FILE MEMORY
 date = "2023-07-27"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_NoEscape.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_NoEscape.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "46f1a4c77896f38a387f785b2af535f8c29d40a105b63a259d295cb14d36a561"
 logic_hash = "c275d0cfdadcaabe57c432956e96b4bb344d947899fa5ad55b872e02b4d44274"
 score = 75
@@ -88907,8 +89044,8 @@ rule ELASTIC_Windows_Exploit_Perfusion_5Ab5Ddee : FILE MEMORY
 date = "2024-02-28"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Exploit_Perfusion.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Exploit_Perfusion.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7fdef25acb0d1447203b9768ae58a8e21db24816c602b160d105dab86ae34728"
 logic_hash = "490f3fc89cf78dbe82f1feb012a147a8d187612720efb6e1eb4e97720b26ee59"
 score = 75
@@ -88939,8 +89076,8 @@ rule ELASTIC_Windows_Trojan_Protects_9F6Eaa90 : FILE
 date = "2022-04-04"
 modified = "2022-06-09"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_ProtectS.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_ProtectS.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c0330e072b7003f55a3153ac3e0859369b9c3e22779b113284e95ce1e2ce2099"
 logic_hash = "ddc8c97598b2d961dc51bdf2c7ab96abcec63824acd39b767bc175371844c1e5"
 score = 75
@@ -88968,8 +89105,8 @@ rule ELASTIC_Windows_Trojan_Vidar_9007Feb2 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Vidar.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Vidar.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec"
 logic_hash = "fcdef7397f17ee402155e526c6fa8b51f3ea96e203a095b0b4c36cb7d3cc83d1"
 score = 75
@@ -88997,8 +89134,8 @@ rule ELASTIC_Windows_Trojan_Vidar_114258D5 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Vidar.yar#L21-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Vidar.yar#L21-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec"
 logic_hash = "9ea3ea0533d14edd0332fa688497efd566a890d1507214fc8591a0a11433d060"
 score = 75
@@ -89031,8 +89168,8 @@ rule ELASTIC_Windows_Trojan_Vidar_32Fea8Da : FILE MEMORY
 date = "2023-05-04"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Vidar.yar#L46-L66"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Vidar.yar#L46-L66"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6f5c24fc5af2085233c96159402cec9128100c221cb6cb0d1c005ced7225e211"
 logic_hash = "1a18cdc3bd533c34eb05b239830ecec418dc76ee9f4fcfc48afc73b07d55b3cd"
 score = 75
@@ -89062,8 +89199,8 @@ rule ELASTIC_Windows_Trojan_Azorult_38Fce9Ea : FILE MEMORY
 date = "2021-08-05"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Azorult.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Azorult.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "405d1e6196dc5be1f46a1bd07c655d1d4b36c32f965d9a1b6d4859d3f9b84491"
 logic_hash = "e23b21992b7ff577d4521c733929638522f4bf57b54c72e5e46196d028d6be26"
 score = 75
@@ -89095,8 +89232,8 @@ rule ELASTIC_Linux_Cryptominer_Zexaf_B90E7683 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Zexaf.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Zexaf.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "98650ebb7e463a06e737bcea4fd2b0f9036fafb0638ba8f002e6fe141b9fecfe"
 logic_hash = "d8485d8fbf00d5c828d7c6c80fef61f228f308e3d27a762514cfb3f00053b30b"
 score = 75
@@ -89124,8 +89261,8 @@ rule ELASTIC_Windows_Trojan_Lokibot_1F885282 : FILE MEMORY
 date = "2021-06-22"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Lokibot.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Lokibot.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409"
 logic_hash = "c76941a83e18f11ed5af701e89616d324ddba613a95069997ea8f1830f328307"
 score = 75
@@ -89153,8 +89290,8 @@ rule ELASTIC_Windows_Trojan_Lokibot_0F421617 : FILE MEMORY
 date = "2021-07-20"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Lokibot.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Lokibot.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080"
 logic_hash = "0076ccbe43ae77e3a80164d43832643f077e659a595fff01c87694e2274c5e86"
 score = 75
@@ -89182,8 +89319,8 @@ rule ELASTIC_Windows_Vulndriver_Asio_5F9F29Be : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_AsIo.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_AsIo.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "52a90fd1546c068b92add52c29fbb8a87d472a57e609146bbcb34862f9dcec15"
 logic_hash = "a901d81737c7e6d00e87f0eec758dd063eade59d9883e85e04a33bb18f2f99de"
 score = 75
@@ -89211,8 +89348,8 @@ rule ELASTIC_Windows_Trojan_Spectralviper_43Abeeeb : FILE MEMORY
 date = "2023-04-13"
 modified = "2023-05-26"
 reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_SpectralViper.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_SpectralViper.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7e35ba39c2c77775b0394712f89679308d1a4577b6e5d0387835ac6c06e556cb"
 logic_hash = "976e5b5b4ba73f1b392c2f6b32a86b09b5fd9e5a3510c60b77a39f1e0d705822"
 score = 75
@@ -89247,8 +89384,8 @@ rule ELASTIC_Windows_Trojan_Spectralviper_368C36A0 : FILE MEMORY
 date = "2023-05-10"
 modified = "2023-05-10"
 reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_SpectralViper.yar#L29-L53"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_SpectralViper.yar#L29-L53"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d1c32176b46ce171dbce46493eb3c5312db134b0a3cfa266071555c704e6cff8"
 logic_hash = "6182bde93e18dc6a83a94b50b193f5f29ed9abfa89b53c290818e7dab5bbb334"
 score = 75
@@ -89281,8 +89418,8 @@ rule ELASTIC_Windows_Trojan_Falsefont_D1F0D357 : FILE MEMORY
 date = "2024-03-26"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_FalseFont.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_FalseFont.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "364275326bbfc4a3b89233dabdaf3230a3d149ab774678342a40644ad9f8d614"
 logic_hash = "af356dec77f773cec01626a3823dbea7e9d3719b9d152ec4057c0b97efabf0df"
 score = 75
@@ -89317,8 +89454,8 @@ rule ELASTIC_Windows_Trojan_Jupyter_56152E31 : FILE MEMORY
 date = "2021-07-22"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Jupyter.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Jupyter.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ce486097ad2491aba8b1c120f6d0aa23eaf59cf698b57d2113faab696d03c601"
 logic_hash = "7b32e9caca744f4f6b48aefa5fda111e6b7ac81a62dd1fb8873d2c800ac3c42b"
 score = 75
@@ -89349,8 +89486,8 @@ rule ELASTIC_Windows_Trojan_Legionloader_F91120C6 : FILE MEMORY
 date = "2024-06-05"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_LegionLoader.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_LegionLoader.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "45670ffa9b24542ae84e3c9eb5ce609c2bcd29129215a7f37eb74b6211e32b22"
 logic_hash = "760402587a9ca3d3e6602fe57d3346ea6f60ba5c8d3a902bf493233baab597b0"
 score = 75
@@ -89378,8 +89515,8 @@ rule ELASTIC_Windows_Trojan_Hijackloader_A8444812 : FILE MEMORY
 date = "2023-11-15"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_HijackLoader.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_HijackLoader.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "065c379a33ef1539e8a68fd4b7638fe8a30ec19fc128642ed0c68539656374b9"
 logic_hash = "6cd88adc7a0d35013a26d1135efb294ee6f9ddab99b4549e82d3d6f5f65509b6"
 score = 75
@@ -89412,8 +89549,8 @@ rule ELASTIC_Linux_Trojan_Malxmr_7054A0D0 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Malxmr.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Malxmr.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3a6b3552ffac13aa70e24fef72b69f683ac221105415efb294fb9a2fc81c260a"
 logic_hash = "f7153fb11e0e4bf422021cc0fab99536c2a193198bf70d7f2af2fa5c1971c028"
 score = 75
@@ -89441,8 +89578,8 @@ rule ELASTIC_Linux_Trojan_Malxmr_144994A5 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Malxmr.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Malxmr.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "07db41a4ddaac802b04df5e5bbae0881fead30cb8f6fa53a8a2e1edf14f2d36b"
 logic_hash = "4d40337895e63d3dc6f0d94889863f0f5017533658210b902b08d84cf3588cab"
 score = 75
@@ -89470,8 +89607,8 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_21B60705 : FILE MEMORY
 date = "2023-03-19"
 modified = "2023-04-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Rhadamanthys.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Rhadamanthys.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3ba97c51ba503fa4bdcfd5580c75436bc88794b4ae883afa1d92bb0b2a0f5efe"
 logic_hash = "ef3f60689d72553111b42b27e0a1a0316288ae07fbfaf159eea8c76380d528fa"
 score = 75
@@ -89505,8 +89642,8 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_1Da1C2C2 : FILE MEMORY
 date = "2023-03-28"
 modified = "2023-04-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Rhadamanthys.yar#L27-L52"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Rhadamanthys.yar#L27-L52"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9bfc4fed7afc79a167cac173bf3602f9d1f90595d4e41dab68ff54973f2cedc1"
 logic_hash = "bf5d45fe79dacfc6aee5cfd788ec6ce77e99e55d5a6d294da57c126bedf75ee9"
 score = 75
@@ -89541,8 +89678,8 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_Ae00F48C : FILE MEMORY
 date = "2023-05-05"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Rhadamanthys.yar#L54-L74"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Rhadamanthys.yar#L54-L74"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "56b5ff5132ec1c5836223ced287d51a9ecee8d2b081f449245e136b1262a8714"
 logic_hash = "423b68717a7aead3c871e7fc744e35dad1cfd7727bfba2bdaec69fb782540380"
 score = 75
@@ -89572,8 +89709,8 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_Cf5Dd2E2 : FILE MEMORY
 date = "2024-04-03"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Rhadamanthys.yar#L76-L97"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Rhadamanthys.yar#L76-L97"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "39ccc224c2c6d89d0bce3d9e2c677465cbc7524f2d2aa903f79ad26b340dec3d"
 logic_hash = "039d6de0d072be6717ba3eb90735d7b4898d3bbac83db4feb75efcdbca8fd98b"
 score = 75
@@ -89604,8 +89741,8 @@ rule ELASTIC_Windows_Trojan_Rhadamanthys_C4760266 : FILE MEMORY
 date = "2024-06-05"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Rhadamanthys.yar#L99-L117"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Rhadamanthys.yar#L99-L117"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "05074675b07feb8e7556c5af449f5e677e0fabfb09b135971afbb11743bf3165"
 logic_hash = "b8c1c56681aac4e1b1741dfa3ea929677214873b6f1795423a80742f699249de"
 score = 75
@@ -89633,8 +89770,8 @@ rule ELASTIC_Linux_Exploit_CVE_2019_13272_583Dd2C0 : FILE MEMORY CVE_2019_13272
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2019_13272.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2019_13272.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3191b9473f3e59f55e062e6bdcfe61b88974602c36477bfa6855ccd92ff7ca83"
 logic_hash = "0b25f0d979d2fc3f7d646a9b3eccf2a293b41181b499c790d3e99515fcd09603"
 score = 75
@@ -89662,8 +89799,8 @@ rule ELASTIC_Windows_Hacktool_Coffloader_81Ba13B8 : FILE MEMORY
 date = "2024-04-22"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_COFFLoader.yar#L1-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_COFFLoader.yar#L1-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c2e03659eb1594dc958e01344cfa9ba126d66736b089db5e3dd1b1c3e3e7d2f7"
 logic_hash = "d4f061af200a0ae9f3276fd6dfcb09ecdf662f29b7c43ea47c69a53d9fe66793"
 score = 75
@@ -89715,8 +89852,8 @@ rule ELASTIC_Linux_Trojan_Morpes_D2Ae1Edf : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Morpes.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Morpes.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "14c4c297388afe4be47be091146aea6c6230880e9ea43759ef29fc1471c4b86b"
 logic_hash = "27eb8b4d0f91477c2ac26a5e25bfc52903faf5501300ec40773d3fc6797c3218"
 score = 75
@@ -89744,8 +89881,8 @@ rule ELASTIC_Windows_Trojan_Bughatch_21269Be4 : FILE MEMORY
 date = "2022-05-09"
 modified = "2022-06-09"
 reference = "https://www.elastic.co/security-labs/bughatch-malware-analysis"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Bughatch.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Bughatch.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b495456a2239f3ba48e43ef295d6c00066473d6a7991051e1705a48746e8051f"
 logic_hash = "a8a2cae51a31e48ffe729df61ec96e3257f9c997ad5234075f85ed55de96f11d"
 score = 75
@@ -89775,8 +89912,8 @@ rule ELASTIC_Windows_Trojan_Bughatch_98F3C0Be : FILE MEMORY
 date = "2022-05-09"
 modified = "2022-06-09"
 reference = "https://www.elastic.co/security-labs/bughatch-malware-analysis"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Bughatch.yar#L24-L51"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Bughatch.yar#L24-L51"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b495456a2239f3ba48e43ef295d6c00066473d6a7991051e1705a48746e8051f"
 logic_hash = "d578515fece7bd464bb09cc5ddb5caf70f4022e8b10388db689e67e662d57f66"
 score = 75
@@ -89812,8 +89949,8 @@ rule ELASTIC_Windows_Trojan_Raspberryrobin_4B4D6899 : FILE MEMORY
 date = "2023-12-13"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_RaspberryRobin.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_RaspberryRobin.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2f0451f38adb74cb96c857de455887b00c5038b68210294c7f52b0b5ff64cc1e"
 logic_hash = "bbafad9509b367e811e86cb8f2f64d9c1d59f82b5cd58a7af43325bb7fa9d9c3"
 score = 75
@@ -89841,8 +89978,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_01365E46 : FILE MEMORY
 date = "2021-03-28"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5c450d4be39caef1d9ec943f5dfeb6517047175fec166a52970c08cd1558e172"
 logic_hash = "4d61de2cb37e12f62326c1717f6ed44554f5d2aa7ede6033d0c988e5e64df54d"
 score = 75
@@ -89870,8 +90007,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_06Fd4Ac4 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "bde387f1e22d1399fb99f6d41732a37635d8e90f29626f2995914a073a7cac89" score = 75 quality = 75 @@ -89899,8 +90036,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Ce4305D1 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L41-L58" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L41-L58" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "c547114475383e5d84f6b8cb72585ddd5778ae3afa491deddeef8a5ec56be1b5" score = 75 quality = 75 
@@ -89927,8 +90064,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_1E56Fad7 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L60-L77" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L60-L77" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "815b37804f79fb4607e6b84294882d818233c3df13aececb3d341244900a2e44" score = 75 quality = 75 @@ -89955,8 +90092,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_93C9A2A4 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L79-L96" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L79-L96" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "dadeeba6147b118b80e014ab067eac7a2c3c2990958a6c7016562d8b64fef53c" score = 75 quality = 75 
@@ -89983,8 +90120,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_5340Afa3 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L98-L115" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L98-L115" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "8b9d3c978f0c4a04ee5b3446b990172206b17496036bc1cc04180ea7e9b99734" score = 75 quality = 75 @@ -90011,8 +90148,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_E7932501 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L117-L134" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L117-L134" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "f82704a408a0cf1def2a5926dc4c02fa56afea1422c88ba41af50d44c60edb07" score = 75 quality = 75 
@@ -90039,8 +90176,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Cd0868D5 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L136-L153" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L136-L153" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "053a99e5e722fd2aa1cae96266cc344954f9c3a12d0851fa9d5e95a6420651f4" score = 75 quality = 75 @@ -90067,8 +90204,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_515504E2 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L155-L172" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L155-L172" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "5410068e09de4a1283f98f6364ddf243373e228ba060b00699db6323f1167684" score = 75 quality = 75 
@@ -90095,8 +90232,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_A0Fc8F35 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L174-L191" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L174-L191" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "7ab2b45ddfc1d7fa409a6ea3dfd8d4940e1bdf3fc0cb6c7e8d49c60e7bda5b1b" score = 75 quality = 75 @@ -90123,8 +90260,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Cb95Dc06 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L193-L210" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L193-L210" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "563b2311d37ace2d09601a70325352db3fcbf135e7ce518965f5410081b5d626" score = 75 quality = 75 
@@ -90151,8 +90288,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_9D4D3Fa4 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L212-L229" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L212-L229" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "7c3c9917a95248fd990b6947a0304ded473bf1bcceec8f4498a7955e879d348b" score = 75 quality = 75 @@ -90179,8 +90316,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_34F00046 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L231-L248" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L231-L248" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "f9d646645d6726e3aac5cc3eaea9edf1c89c7e743aff7cfa73998a72f3446711" score = 75 quality = 75 
@@ -90207,8 +90344,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_F2A18B09 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L250-L267" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L250-L267" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "c4c4b0b1df1e8fde87284fb27d46e917c47b479a675fec60faeca6185511907d" score = 75 quality = 75 @@ -90235,8 +90372,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_D916Ae65 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L269-L286" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L269-L286" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "e0aafe498cd9f0e8addfef78027943a754ca797aafae0cb40f1c6425de501339" score = 75 quality = 75 
@@ -90263,8 +90400,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_52722678 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L288-L305" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L288-L305" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "6340171fdde68b32de480f1f410aa4c491a8fffa7c1f699bf5fa72a12ecb77b8" score = 75 quality = 75 @@ -90291,8 +90428,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_28A60148 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L307-L324" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L307-L324" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "20a26ed3f0da3a77867597494bf0069a2093ec19b1c5e179c0e7934c1b69d4b9" score = 75 quality = 75 
@@ -90319,8 +90456,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_997B25A0 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L326-L343" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L326-L343" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "ca688086c4628c64c32a99083d620bcb5373e3100d154331451a3e9f86081aca" score = 75 quality = 75 @@ -90347,8 +90484,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_B17B33A1 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L345-L362" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L345-L362" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "7fa69674d1e985bafe310597f23ae80113136768141f0a1931baf88b2509e6ef" score = 75 quality = 75 
@@ -90375,8 +90512,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_23D77Ae5 : FILE MEMORY date = "2021-03-28" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L364-L396" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L364-L396" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "844974a2d3266e1f9ba275520c0e8a5d176df69a0ccd5135b99facf798a5d209" logic_hash = "e5f5cf854ebd0e25fffbd6796217f22223a06937e1cacb33baa105ac41731256" score = 75 @@ -90418,8 +90555,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_5574Be7D : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L398-L432" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L398-L432" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "8c5c0d27153f60ef8aec57def2f88e3d5f9a7385b5e8b8177bab55fa7fac7b18" logic_hash = "ed0fc98c5d628ce38b923e1410eaf7a4a65ecffea42bed35314e30c99a52219b" score = 75 
@@ -90463,8 +90600,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_1473F0B4 : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L434-L459" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L434-L459" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "9cfb441eb5c60ab1c90b58d4878543ee554ada2cceee98d6b867e73490d30fec" logic_hash = "dc13625e58c029c60b8670f8e63cd7786bf3e9705c462f3cbbf5b39e7c02f9a1" score = 75 @@ -90499,8 +90636,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Dcf25Dde : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L461-L502" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L461-L502" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "ba2a255671d33677cab8d93531eb25c0b1f1ac3e3085b95365a017463662d787" logic_hash = "64d15d92faf0919a8fa1ce6772750cde47eaa24b09cf4243393777334bad9712" score = 75 
@@ -90551,8 +90688,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_46Dc12Dd : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L504-L528" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L504-L528" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "bf38a787aee5afdcab00b95ccdf036bc7f91f07151b4444b54165bb70d649ce5" logic_hash = "e01209a83f4743cbad7dda01595c053277868bd47208e48214b557ae339b5b3c" score = 50 @@ -90586,8 +90723,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_78A26074 : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L530-L564" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L530-L564" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "8cd75fa8650ebcf0a6200283e474a081cc0be57307e54909ee15f4d04621dde0" logic_hash = "3837c22f7f9d55f03cb0bc1336798f0e2a91549c187b9f5136491cbafd26ce6e" score = 75 
@@ -90631,8 +90768,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_217B9C97 : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L566-L601" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L566-L601" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "1e90a73793017720c9a020069ed1c87879174c19c3b619e5b78db8220a63e9b7" logic_hash = "9b2b8a8154d4aba06029fd35d896331449f7baa961f183fb0cb47e890610ff99" score = 75 @@ -90677,8 +90814,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_D2110921 : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L603-L632" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L603-L632" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "05ef40f7745db836de735ac73d6101406e1d9e58c6b5f5322254eb75b98d236a" logic_hash = "39ef17836f29c358f596e0047d582b5f1d1af523c8f6354ac8a783eda9969554" score = 75 
@@ -90717,8 +90854,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_0114D469 : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L634-L667" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L634-L667" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "083cb35a7064aa5589efc544ac1ed1b04ec0f89f0e60383fcb1b02b63f4117e9" logic_hash = "6ca8e73f758d3fa956fe53cc83abb43806359f93df05c42a58e2f394a1a3c117" score = 75 @@ -90761,8 +90898,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_07239Dad : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L669-L703" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L669-L703" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "dbd534f2b5739f89e99782563062169289f23aa335639a9552173bedc98bb834" logic_hash = "231592d1a45798de6d22c922626ca28ef4019bae95d552a0f2822823d8dec384" score = 75 
@@ -90806,8 +90943,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Fd7A39Af : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L705-L739" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L705-L739" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "d5bb8d94b71d475b5eb9bb4235a428563f4104ea49f11ef02c8a08d2e859fd68" logic_hash = "15cb286504e6167c78e194488555f565965a03e7714fe16692a115df26985a01" score = 75 @@ -90851,8 +90988,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_2D89E9Cd : FILE MEMORY date = "2021-03-29" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L741-L785" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L741-L785" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "3963649ebfabe8f6277190be4300ecdb68d4b497ac5f81f38231d3e6c862a0a8" logic_hash = "c15833687c2aed55aae0bb5de83c088cb66edeb4ad1964543522f5477c1f1942" score = 75 
@@ -90906,8 +91043,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_32930807 : FILE MEMORY date = "2021-03-30" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L787-L808" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L787-L808" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "e999b83629355ec7ff3b6fda465ef53ce6992c9327344fbf124f7eb37808389d" logic_hash = "e98503696bd72cab4d0d1633991bdb87c0537fd1e2d95507ccd474125328f318" score = 75 @@ -90938,8 +91075,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_618B27D2 : FILE MEMORY date = "2021-03-30" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L810-L843" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L810-L843" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "d3ec8f4a46b21fb189fc3d58f3d87bf9897653ecdf90b7952dcc71f3b4023b4e" logic_hash = "e66a9dd7efdbff8b9e30119d0e99187e3dfa4ca1c1bc1ade0f8f1003d10e2620" score = 75 
@@ -90982,8 +91119,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_6Eb31E7B : FILE MEMORY date = "2021-03-30" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L845-L872" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L845-L872" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "3e3d82ea4764b117b71119e7c2eecf46b7c2126617eafccdfc6e96e13da973b1" logic_hash = "5b6902c8644c79bd183725f0e41bf2f7ae425bf0eb1dddea6fd1a38b77f176ba" score = 75 @@ -91020,8 +91157,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_91516Cf4 : FILE MEMORY date = "2021-03-30" modified = "2021-08-31" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L874-L896" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L874-L896" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "6cd0d4666553fd7184895502d48c960294307d57be722ebb2188b004fc1a8066" logic_hash = "6c0bdd6827bebb337c0012cdb6e931cd96ce2ad61f3764f288b96ff049b2d007" score = 75 
@@ -91053,8 +91190,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_Be718Af9 : FILE MEMORY date = "2021-03-30" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L898-L921" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L898-L921" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "c1f1bc58456cff7413d7234e348d47a8acfdc9d019ae7a4aba1afc1b3ed55ffa" logic_hash = "d020f7d1637fc4ee3246e97c9acae0be1782e688154bd109f53f807211beebd7" score = 75 @@ -91087,8 +91224,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_F8Dac4Bc : FILE MEMORY date = "2021-03-30" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L923-L954" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L923-L954" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "13d102d546b9384f944f2a520ba32fb5606182bed45a8bba681e4374d7e5e322" logic_hash = "d4536aac0ee402abcb87826e45c892d6f39562bc1e39b72ae8880dc077f230d9" score = 75 
@@ -91129,8 +91266,8 @@ rule ELASTIC_Windows_Trojan_Trickbot_9C0Fa8Fe : FILE MEMORY date = "2021-07-13" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Trickbot.yar#L956-L974" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Trickbot.yar#L956-L974" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f528c3ea7138df7c661d88fafe56d118b6ee1d639868212378232ca09dc9bfad" logic_hash = "23aebc3139c34ecd609db7920fa0d5e194173409e1862555e4c468dad6c46299" score = 75 @@ -91158,8 +91295,8 @@ rule ELASTIC_Linux_Exploit_Enoket_79B52A4C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Enoket.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Enoket.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "3ae8f7e7df62316400d0c5fe0139d7a48c9f184e92706b552aad3d827d3dbbbf" logic_hash = "204082a3be602b3f6aebb013a46e6f9c98b5dad2476350afa60c1954b13598fe" score = 75 
@@ -91187,8 +91324,8 @@ rule ELASTIC_Linux_Exploit_Enoket_5969A348 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Enoket.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Enoket.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "4b4d7ca9e1ffa2c46cb097d4a014c59b1a9feb93b3adcb5936ef6a1dfef9b0ae" logic_hash = "e47af0fba86c9152d17911b984070a8419b98da8916538ebb1065a5348da6e31" score = 75 @@ -91216,8 +91353,8 @@ rule ELASTIC_Linux_Exploit_Enoket_80Fac3E9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Enoket.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Enoket.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "3355ad81c566914a7d7734b40c46ded0cfa53aa22c6e834d42e185bf8bbe6128" logic_hash = "19cb7f02ca80095293c4a09f7ea616c31364af1e4189a9211aaba54aaa2db14e" score = 75 
@@ -91245,8 +91382,8 @@ rule ELASTIC_Linux_Exploit_Enoket_7Da5F86A : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Enoket.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Enoket.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "406b003978d79d453d3e2c21b991b113bf2fc53ffbf3a1724c5b97a4903ef550" logic_hash = "df5769a87230f5e563849302f32673b5f5de2595e12de72c27921d45edc58928" score = 75 @@ -91274,8 +91411,8 @@ rule ELASTIC_Linux_Exploit_Enoket_C77C0D6D : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Enoket.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Enoket.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "3ae8f7e7df62316400d0c5fe0139d7a48c9f184e92706b552aad3d827d3dbbbf" logic_hash = "504d61715bd5dba7f777fcb2d62eb53d8d54dad2dcf93f2fc2d7dcd359c4b994" score = 75 
@@ -91303,8 +91440,8 @@ rule ELASTIC_Linux_Exploit_Enoket_Fbf508E1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Enoket.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Enoket.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "d1fa8520d3c3811d29c3d5702e7e0e7296b3faef0553835c495223a2bc015214" logic_hash = "21b1d69677c3fddb210dcf5947e8321abccd5a1ebbde8438a83fee5d4b29443d" score = 75 @@ -91332,8 +91469,8 @@ rule ELASTIC_Linux_Trojan_Patpooty_E2E0Dff1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Patpooty.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Patpooty.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "d38b9e76cbc863f69b29fc47262ceafd26ac476b0ae6283d3fa50985f93bedf3" logic_hash = "ec7d12296383ca0ed20e3221fb96b9dbdaf6cc7f07f5c8383e43489a9fd6fcfe" score = 75 
@@ -91361,8 +91498,8 @@ rule ELASTIC_Linux_Trojan_Patpooty_F90C7E43 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Patpooty.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Patpooty.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "79475a66be8741d9884bc60f593c81a44bdb212592cd1a7b6130166a724cb3d3" logic_hash = "2d995722b06ce51a5378e395896764421f84afcf6b13855a87ed43d9b9e38982" score = 75 @@ -91390,8 +91527,8 @@ rule ELASTIC_Linux_Trojan_Psybnc_563Ecb11 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Psybnc.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Psybnc.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f77216b169e8d12f22ef84e625159f3a51346c2b6777a1fcfb71268d17b06d39" logic_hash = "b93e6ab097ccd4c348d228a48df098594e560e62256bfe019669ca9488221214" score = 75 
@@ -91419,8 +91556,8 @@ rule ELASTIC_Linux_Trojan_Psybnc_Ab3396D5 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Psybnc.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Psybnc.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "c5ec84e7cc891af25d6319abb07b1cedd90b04cbb6c8656c60bcb07e60f0b620" logic_hash = "8c083f66fc252a88395bb954a67d710d64f5b68efb9df4b60b260302874b400a" score = 75 @@ -91448,8 +91585,8 @@ rule ELASTIC_Linux_Trojan_Psybnc_F07357F1 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Psybnc.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Psybnc.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f77216b169e8d12f22ef84e625159f3a51346c2b6777a1fcfb71268d17b06d39" logic_hash = "cfe217fe108de787600d1ef06ac6738d84aedfc46e5632143692a9f83cb62df7" score = 75 
@@ -91477,8 +91614,8 @@ rule ELASTIC_Windows_Vulndriver_Procid_86605Fa9 : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_ProcId.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_ProcId.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "b03f26009de2e8eabfcf6152f49b02a55c5e5d0f73e01d48f5a745f93ce93a29" logic_hash = "882cdbd267d812e77e68e7080f1fca0ca3d7e75ab84c583c3ec148894b1cf644" score = 75 @@ -91506,8 +91643,8 @@ rule ELASTIC_Linux_Backdoor_Generic_Babf9101 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Backdoor_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Backdoor_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "9ea73d2c2a5f480ae343846e2b6dd791937577cb2b3d8358f5b6ede8f3696b86" logic_hash = "40084f3bed66c1d4a1cd2ffca99fd6789c8ed2db04031e4d4a4926b41d622355" score = 75 
@@ -91535,8 +91672,8 @@ rule ELASTIC_Linux_Backdoor_Generic_5776Ae49 : FILE MEMORY date = "2021-04-06" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Backdoor_Generic.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Backdoor_Generic.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "e247a5decb5184fd5dee0d209018e402c053f4a950dae23be59b71c082eb910c" logic_hash = "b606f12c47182d80e07f8715639c3cc73753274bd8833cb9f6380879356a2b12" score = 75 @@ -91564,8 +91701,8 @@ rule ELASTIC_Windows_Infostealer_Phemedronestealer_Bed8Ea8A : FILE MEMORY date = "2024-03-21" modified = "2024-05-08" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Infostealer_PhemedroneStealer.yar#L1-L30" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Infostealer_PhemedroneStealer.yar#L1-L30" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "38279fdad25c7972be9426cadb5ad5e3ee7e9761b0a41ed617945cb9a3713702" logic_hash = "88fc33abfe6c7a611aa0c354645b06e9e74121ffc9a5acd20b4d3a59287489d6" score = 75 
@@ -91604,8 +91741,8 @@ rule ELASTIC_Linux_Backdoor_Python_00606Bac : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Backdoor_Python.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Backdoor_Python.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "b3e3728d43535f47a1c15b915c2d29835d9769a9dc69eb1b16e40d5ba1b98460" logic_hash = "92ad2cf4aa848c8f3bcedd319654bf5ef873cd4daba62572381c7e20f0296b82" score = 75 @@ -91633,8 +91770,8 @@ rule ELASTIC_Linux_Trojan_Cerbu_69D5657E : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Cerbu.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Cerbu.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f10bf3cf2fdfbd365d3c2d8dedb2d01b85236eaa97d15370dbcb5166149d70e9" logic_hash = "644e8d5a1b5c8618e71497f21b0244215924e293e274b9164692dd927cd74ba8" score = 75 
@@ -91662,8 +91799,8 @@ rule ELASTIC_Multi_Hacktool_Rakshasa_D5D3Ef21 : FILE MEMORY date = "2024-01-24" modified = "2024-01-29" reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Multi_Hacktool_Rakshasa.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Multi_Hacktool_Rakshasa.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "ccfa30a40445d5237aaee1e015ecfcd9bdbe7665a6dc2736b28e5ebf07ec4597" logic_hash = "123cbea0ce02012a9b22a4a241d11aa9acbb58b50a1bd9228da7cadbf0fa1b4e" score = 75 @@ -91695,8 +91832,8 @@ rule ELASTIC_Linux_Trojan_Backegmm_B59712E6 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Backegmm.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Backegmm.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "d6c8e15cb65102b442b7ee42186c58fa69cd0cb68f4fd47eb5ad23763371e0be" logic_hash = "a2e6016bfd8475880c28c89b5f5beeef1335de9529d44bbe7c5aaa352aab9a29" score = 75 
@@ -91724,8 +91861,8 @@ rule ELASTIC_Windows_Trojan_Bandook_38497690 : FILE MEMORY date = "2022-08-10" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Bandook.yar#L1-L24" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Bandook.yar#L1-L24" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "4d079586a51168aac708a9ab7d11a5a49dfe7a16d9ced852fbbc5884020c0c97" logic_hash = "199614993f63636764808313f25199348afdf4d537c8dca06f673559e34636b8" score = 75 @@ -91758,8 +91895,8 @@ rule ELASTIC_Windows_Trojan_Doorme_246Eda61 : FILE MEMORY date = "2022-12-09" modified = "2022-12-15" reference = "https://www.elastic.co/security-labs/update-to-the-REF2924-intrusion-set-and-related-campaigns" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_DoorMe.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_DoorMe.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "96b226e1dcfb8ea2155c2fa508125472c8c767569d009a881ab4c39453e4fe7f" logic_hash = "01240f2e23904498c34ec805cc8bc3e9ac7b76c6519685ef6b367066f1a0bc5b" score = 75 
@@ -91792,8 +91929,8 @@ rule ELASTIC_Windows_Trojan_Limerat_24269A79 : FILE MEMORY date = "2021-08-17" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Limerat.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Limerat.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "ec781a714d6bc6fac48d59890d9ae594ffd4dbc95710f2da1f1aa3d5b87b9e01" logic_hash = "053a6abe589db23c4b9baed24729c8bcdd9019535fd0d9efc60ab4035c9779f3" score = 75 @@ -91821,8 +91958,8 @@ rule ELASTIC_Windows_Vulndriver_Viragt_5F92F226 : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Viragt.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Viragt.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "e05eeb2b8c18ad2cb2d1038c043d770a0d51b96b748bc34be3e7fc6f3790ce53" logic_hash = "e7ade7aec563c1dc602dfd7fda8c063058f47ae2a915959468792fce389b38f1" score = 75 
@@ -91852,8 +91989,8 @@ rule ELASTIC_Windows_Vulndriver_Viragt_84D508Ad : FILE date = "2022-04-07" modified = "2022-04-07" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Viragt.yar#L23-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Viragt.yar#L23-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "58a74dceb2022cd8a358b92acd1b48a5e01c524c3b0195d7033e4bd55eff4495" logic_hash = "a3e1b41155c7dd347976a1057cb763ab60c50c34e981fef050bd54f060a412fc" score = 75 @@ -91883,8 +92020,8 @@ rule ELASTIC_Linux_Hacktool_Fontonlake_68Ad8568 : FILE MEMORY date = "2021-10-12" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Fontonlake.yar#L1-L30" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Fontonlake.yar#L1-L30" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "717953f52318e7687fc95626561cc607d4875d77ff7e3cf5c7b21cf91f576fa4" logic_hash = "63dd5769305c715e27e3c62160f7b0f65b57204009ed46383b5b477c67cfac8e" score = 75 
@@ -91923,8 +92060,8 @@ rule ELASTIC_Linux_Exploit_Moogrey_81131B66 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Moogrey.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Moogrey.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "cc27b9755bd9feb1fb2c510f66e36c20a1503e6769cdaeee2bea7fe962d22ccc" logic_hash = "dc2fe7caa38f665d24bbc673ff63491ebdeec8d56a420092243ce241238846cf" score = 75 @@ -91952,8 +92089,8 @@ rule ELASTIC_Linux_Trojan_Godropper_Bae099Bd : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Godropper.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Godropper.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "704643f3fd11cda1d52260285bf2a03bccafe59cfba4466427646c1baf93881e" logic_hash = "ef6274928f7cfc0312122ac3e4153fb0a78dc7d5fb2d68db6cbe4974f5497210" score = 75 
@@ -91981,8 +92118,8 @@ rule ELASTIC_Windows_Trojan_Netwire_6A7Df287 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://www.elastic.co/security-labs/netwire-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Netwire.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Netwire.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "e6f446dbefd4469b6c4d24988dd6c9ccd331c8b36bdbc4aaf2e5fc49de2c3254" logic_hash = "d5f36e2a81cf0a9037267d39266b4c31ca9c07b05fb9772e296aeac2da6051a5" score = 75 @@ -92010,8 +92147,8 @@ rule ELASTIC_Windows_Trojan_Netwire_1B43Df38 : FILE MEMORY date = "2021-06-28" modified = "2021-08-23" reference = "https://www.elastic.co/security-labs/netwire-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Netwire.yar#L22-L43" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Netwire.yar#L22-L43" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "e6f446dbefd4469b6c4d24988dd6c9ccd331c8b36bdbc4aaf2e5fc49de2c3254" logic_hash = "bb0eb1c1969bc1416e933822843293c5d41bf9bc3d402fa5dbdc3cdf2f4b394a" score = 75 
@@ -92041,8 +92178,8 @@ rule ELASTIC_Windows_Trojan_Netwire_F85E4Abc : FILE MEMORY date = "2022-08-14" modified = "2022-09-29" reference = "https://www.elastic.co/security-labs/netwire-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Netwire.yar#L45-L64" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Netwire.yar#L45-L64" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "ab037c87d8072c63dc22b22ff9cfcd9b4837c1fee2f7391d594776a6ac8f6776" logic_hash = "af8fc8fff2e1a0b6c87ac6d24fecf2e1cefe6313ec66da13fddd1be25c1c3d92" score = 75 @@ -92070,8 +92207,8 @@ rule ELASTIC_Windows_Trojan_Netwire_F42Cb379 : FILE MEMORY date = "2022-08-14" modified = "2022-09-29" reference = "https://www.elastic.co/security-labs/netwire-dynamic-configuration-extraction" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Netwire.yar#L66-L90" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Netwire.yar#L66-L90" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "ab037c87d8072c63dc22b22ff9cfcd9b4837c1fee2f7391d594776a6ac8f6776" logic_hash = "fc1436596987d3971a464e707ee6fd5689e7d2800df471c125c1e3f748537f5d" score = 75 
@@ -92104,8 +92241,8 @@ rule ELASTIC_Windows_Hacktool_Processhacker_3D01069E : FILE date = "2022-03-30" modified = "2022-03-30" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_ProcessHacker.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_ProcessHacker.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4" logic_hash = "bcba74aa20b62329c48060bfebaf49ab12f89f9ec3a09fc0c0cb702de5e2b940" score = 75 @@ -92133,8 +92270,8 @@ rule ELASTIC_Windows_Hacktool_Askcreds_34E3E3D4 : FILE MEMORY date = "2023-05-16" modified = "2023-06-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_AskCreds.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_AskCreds.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "d911566ca546a8546928cd0ffa838fd344b35f75a4a7e80789d20e52c7cd38d0" score = 75 quality = 75 
@@ -92163,8 +92300,8 @@ rule ELASTIC_Windows_Trojan_Shadowpad_Be71209D : FILE MEMORY date = "2023-01-31" modified = "2023-02-01" reference = "https://www.elastic.co/security-labs/update-to-the-REF2924-intrusion-set-and-related-campaigns" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_ShadowPad.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_ShadowPad.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "452b08d6d2aa673fb6ccc4af6cebdcb12b5df8722f4d70d1c3491479e7b39c05" logic_hash = "24e035bbcd5d44877e6e582a995d0035ad26c53e832c34b0c8a3836cb1a11637" score = 75 @@ -92193,8 +92330,8 @@ rule ELASTIC_Windows_Trojan_Shadowpad_0D899241 : MEMORY date = "2023-01-31" modified = "2023-02-01" reference = "https://www.elastic.co/security-labs/update-to-the-REF2924-intrusion-set-and-related-campaigns" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_ShadowPad.yar#L23-L48" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_ShadowPad.yar#L23-L48" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "cb3a425565b854f7b892e6ebfb3734c92418c83cd590fc1ee9506bcf4d8e02ea" logic_hash = "57385e149c6419aed2dcd3ecbbe26d8598918395a6480dd5cdb799ce7328901a" score = 75 
@@ -92228,8 +92365,8 @@ rule ELASTIC_Windows_PUP_Mediaarena_A9E3B4A1 : FILE MEMORY
 date = "2023-06-02"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_PUP_MediaArena.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_PUP_MediaArena.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c071e0b67e4c105c87b876183900f97a4e8bc1a7c18e61c028dee59ce690b1ac"
 logic_hash = "8e52b29f2848498aae2fd7ad35494362d6c07f0e752b628840a256923aca32c7"
 score = 75
@@ -92263,8 +92400,8 @@ rule ELASTIC_Windows_Trojan_Formbook_1112E116 : FILE MEMORY
 date = "2021-06-14"
 modified = "2021-08-23"
 reference = "https://www.elastic.co/security-labs/formbook-adopts-cab-less-approach"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Formbook.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Formbook.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a"
 logic_hash = "ec307a8681fa01fc0c7c0579b0e3eff10e7f373159ad58dae0a358ff16fbc10b"
 score = 75
@@ -92295,8 +92432,8 @@ rule ELASTIC_Windows_Trojan_Formbook_772Cc62D : FILE MEMORY
 date = "2022-05-23"
 modified = "2022-07-18"
 reference = "https://www.elastic.co/security-labs/formbook-adopts-cab-less-approach"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Formbook.yar#L25-L46"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Formbook.yar#L25-L46"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "db9ab8df029856fc1c210499ed8e1b92c9722f7aa2264363670c47b51ec8fa83"
 score = 75
 quality = 25
@@ -92326,8 +92463,8 @@ rule ELASTIC_Windows_Trojan_Formbook_5799D1F2 : FILE MEMORY
 date = "2022-06-08"
 modified = "2022-09-29"
 reference = "https://www.elastic.co/security-labs/formbook-adopts-cab-less-approach"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Formbook.yar#L48-L67"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Formbook.yar#L48-L67"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8555a6d313cb17f958fc2e08d6c042aaff9ceda967f8598ac65ab6333d14efd9"
 logic_hash = "8e61eabd11beb9fb35c016983cfb3085f5ceddfc8268522f3b48d20be5b5df6a"
 score = 75
@@ -92355,8 +92492,8 @@ rule ELASTIC_Windows_Trojan_Generic_A681F24A : FILE MEMORY
 date = "2021-06-10"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Generic.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Generic.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a796f316b1ed7fa809d9ad5e9b25bd780db76001345ea83f5035a33618f927fa"
 logic_hash = "72bfefc8f92dbe65d197e02bf896315dcbc54d7b68d0434f43de026ccf934f40"
 score = 75
@@ -92386,8 +92523,8 @@ rule ELASTIC_Windows_Trojan_Generic_Ae824B13 : REF1296 FILE MEMORY
 date = "2022-02-03"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Generic.yar#L23-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Generic.yar#L23-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "cee46c1efdaa1815606f932a4f79b316e02c1b481e73c4c2f8b7c72023e8684c"
 score = 75
 quality = 67
@@ -92417,8 +92554,8 @@ rule ELASTIC_Windows_Trojan_Generic_Eb47E754 : REF1296 FILE MEMORY
 date = "2022-02-03"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Generic.yar#L45-L65"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Generic.yar#L45-L65"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "1d96e813ed0261bd0d7caca2803ed8d5fe4d77ea00efc9130eef86aa872c4656"
 score = 75
 quality = 67
@@ -92448,8 +92585,8 @@ rule ELASTIC_Windows_Trojan_Generic_C7Fd8D38 : FILE MEMORY
 date = "2022-02-17"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Generic.yar#L67-L89"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Generic.yar#L67-L89"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a1702ec12c2bf4a52e11fbdab6156358084ad2c662c8b3691918ef7eabacde96"
 logic_hash = "81c56cd741692a7f2a894c2b8f2676aad47f14221228b9466a2ab0f05d76c623"
 score = 75
@@ -92481,8 +92618,8 @@ rule ELASTIC_Windows_Trojan_Generic_Bbe6C282 : FILE MEMORY
 date = "2022-03-02"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Generic.yar#L91-L109"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Generic.yar#L91-L109"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a44c46d4b9cf1254aaabd1e689f84c4d2c3dd213597f827acabface03a1ae6d1"
 logic_hash = "fe874d69ae71775cf997845c90e731479569e2ac1ac882a4b8c3c73d015b1f30"
 score = 75
@@ -92510,8 +92647,8 @@ rule ELASTIC_Windows_Trojan_Generic_889B1248 : FILE MEMORY
 date = "2022-03-11"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Generic.yar#L111-L132"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Generic.yar#L111-L132"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a48d57a139c7e3efa0c47f8699e2cf6159dc8cdd823b16ce36257eb8c9d14d53"
 logic_hash = "b3bb93b95377d6c6606d29671395b78c0954cc47d5cc450436799638d0458469"
 score = 75
@@ -92542,8 +92679,8 @@ rule ELASTIC_Windows_Trojan_Generic_02A87A20 : FILE MEMORY
 date = "2022-03-04"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Generic.yar#L134-L152"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Generic.yar#L134-L152"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033"
 logic_hash = "610db1b429ed2ecfc552f73ed4782cb56254e6fc98b728ffeff6938fbcce9616"
 score = 75
@@ -92571,8 +92708,8 @@ rule ELASTIC_Windows_Trojan_Generic_4Fbff084 : FILE MEMORY
 date = "2023-02-28"
 modified = "2023-04-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Generic.yar#L154-L175"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Generic.yar#L154-L175"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7010a69ba77e65e70f4f3f4a10af804e6932c2218ff4abd5f81240026822b401"
 logic_hash = "47d1a01e0edee3239d99ff1f32eb4cfc77d6e38823fed799a562e142d3d3a22d"
 score = 75
@@ -92603,8 +92740,8 @@ rule ELASTIC_Windows_Trojan_Generic_73Ed7375 : FILE MEMORY
 date = "2023-05-09"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Generic.yar#L177-L196"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Generic.yar#L177-L196"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2b17328a3ef0e389419c9c86f81db4118cf79640799e5c6fdc97de0fc65ad556"
 logic_hash = "7e27c9377d0b2058a2a36da4ac7d37a54c566f3246e69aa356171edae6b478c5"
 score = 75
@@ -92633,8 +92770,8 @@ rule ELASTIC_Windows_Trojan_Generic_96Cdf3C4 : FILE MEMORY
 date = "2023-05-09"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Generic.yar#L198-L217"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Generic.yar#L198-L217"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9a4d68de36f1706a3083de7eb41f839d8c7a4b8b585cc767353df12866a48c81"
 logic_hash = "f92e5549aca320d71e1eec8daa82e8bbf3517c7f23f376bb355fdfa32da2e7a9"
 score = 75
@@ -92663,8 +92800,8 @@ rule ELASTIC_Windows_Trojan_Generic_F0C79978 : FILE MEMORY
 date = "2023-07-27"
 modified = "2023-09-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Generic.yar#L219-L238"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Generic.yar#L219-L238"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8f800b35bfbc8474f64b76199b846fe56b24a3ffd8c7529b92ff98a450d3bd38"
 logic_hash = "b16971ed0947660dda8d79c11531a9498a80e00f2dbc2c0eb63895b7f5c5f980"
 score = 75
@@ -92693,8 +92830,8 @@ rule ELASTIC_Windows_Trojan_Generic_40899C85 : FILE MEMORY
 date = "2023-12-15"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Generic.yar#L240-L260"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Generic.yar#L240-L260"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "88eb4f2e7085947bfbd03c69573fdca0de4a74bab844f09ecfcf88e358af20cc"
 logic_hash = "317034add0343baa26548712de8b2acc04946385fbee048cea0bd8d7ae642b36"
 score = 75
@@ -92724,8 +92861,8 @@ rule ELASTIC_Windows_Trojan_Generic_9997489C : FILE MEMORY
 date = "2024-01-31"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Generic.yar#L262-L290"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Generic.yar#L262-L290"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "857bbf64ced06f76eb50afbfbb699c62e11625196213c2e5267b828cca911b74"
 score = 75
 quality = 75
@@ -92763,8 +92900,8 @@ rule ELASTIC_Windows_Trojan_Generic_2993E5A5 : FILE MEMORY
 date = "2024-03-18"
 modified = "2024-03-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Generic.yar#L292-L310"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Generic.yar#L292-L310"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9f9b926cef69e879462d9fa914dda8c60a01f3d409b55afb68c3fb94bf1a339b"
 logic_hash = "37a10597d1afeb9411f6c652537186628291cbe6af680abe12bb96591add7e78"
 score = 75
@@ -92792,8 +92929,8 @@ rule ELASTIC_Windows_Trojan_Generic_0E135D58 : FILE MEMORY
 date = "2024-03-19"
 modified = "2024-03-19"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Generic.yar#L312-L330"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Generic.yar#L312-L330"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c"
 logic_hash = "bc10218b1d761f72836bb5f9bb41d3f0fe13c4baa1109025269f938ec642aec4"
 score = 75
@@ -92821,8 +92958,8 @@ rule ELASTIC_Linux_Exploit_Alie_E69De1Ee : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Alie.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Alie.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "882839549f062ab4cbe6df91336ed320eaf6c2300fc2ed64d1877426a0da567d"
 logic_hash = "bb4625751c924b9ff5d32cc044fcff68892e82d9e94d679c4e4c8286f680a854"
 score = 75
@@ -92850,8 +92987,8 @@ rule ELASTIC_Windows_Hacktool_Sharpmove_05E28928 : FILE MEMORY
 date = "2022-11-20"
 modified = "2023-01-11"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_SharpMove.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_SharpMove.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "051f60f9f4665b96f764810defe9525ae7b4f9898249b83a23094cee63fa0c3b"
 logic_hash = "021a56dd47d9929e71b82b00d24aa8969a31945681dcf414c69b8d175fb0b6eb"
 score = 75
@@ -92883,8 +93020,8 @@ rule ELASTIC_Linux_Hacktool_Portscan_A40C7Ef0 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Portscan.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Portscan.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c389c42bac5d4261dbca50c848f22c701df4c9a2c5877dc01e2eaa81300bdc29"
 logic_hash = "6118ea86d628450e79ee658f4b95bae40080764a25240698d8ca7fcb7e6adaaf"
 score = 75
@@ -92912,8 +93049,8 @@ rule ELASTIC_Linux_Hacktool_Portscan_6C6000C2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Portscan.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Portscan.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8877009fc8ee27ba3b35a7680b80d21c84ee7296bcabe1de51aeeafcc8978da7"
 logic_hash = "0cae81cbc0fdf48b4e7ac09865f05e2ad93d79b7a6f1af76a632727127ab050f"
 score = 75
@@ -92941,8 +93078,8 @@ rule ELASTIC_Linux_Hacktool_Portscan_E191222D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Portscan.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Portscan.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e2f4313538c3ef23adbfc50f37451c318bfd1ffd0e5aaa346cce4cc37417f812"
 logic_hash = "6ffb2add4a76214ffd555cf1fe356371acd3638216094097b355670ecfe02ecd"
 score = 75
@@ -92970,8 +93107,8 @@ rule ELASTIC_Linux_Hacktool_Portscan_E57B0A0C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Portscan.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Portscan.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f8ee385316b60ee551565876287c06d76ac5765f005ca584d1ca6da13a6eb619"
 logic_hash = "b2f67805e9381864591fdf61846284da97f8dd2f5c60484ce9c6e76d2f6f3872"
 score = 75
@@ -92999,8 +93136,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_05088561 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Stak.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Stak.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d0d2bab33076121cf6a0a2c4ff1738759464a09ae4771c39442a865a76daff59"
 logic_hash = "2b0f8a4efdfb13abcc2a1b43e9c39828ea1de6015fef0ef613bd754da5aa3e9a"
 score = 75
@@ -93028,8 +93165,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_Ae8B98A9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Stak.yar#L21-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Stak.yar#L21-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "aade76488aa2f557de9082647153cca374a4819cd8e539ebba4bfef2334221b0"
 score = 75
 quality = 75
@@ -93056,8 +93193,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_D707Fd3A : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Stak.yar#L40-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Stak.yar#L40-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d0d2bab33076121cf6a0a2c4ff1738759464a09ae4771c39442a865a76daff59"
 logic_hash = "b825247372aace6e3ce0ff1d9685b6bb041b7277f8967d5f5926b49813cfadc9"
 score = 75
@@ -93085,8 +93222,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_52Dc7Af3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Stak.yar#L60-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Stak.yar#L60-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a9c14b51f95d0c368bf90fb10e7d821a2fbcc79df32fd9f068a7fc053cbd7e83"
 logic_hash = "81998164f517b6f1ef72b10227cfff86aa8bbd2b4e2668f946c8ed59696ae74d"
 score = 75
@@ -93114,8 +93251,8 @@ rule ELASTIC_Linux_Cryptominer_Stak_Bb3153Ac : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Stak.yar#L80-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Stak.yar#L80-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5b974b6e6a239bcdc067c53cc8a6180c900052d7874075244dc49aaaa9414cca"
 logic_hash = "e8516a24358b12863fe52c823ca67f0004457017334fe77dabf5f08d6bf2d907"
 score = 75
@@ -93143,8 +93280,8 @@ rule ELASTIC_Windows_Exploit_CVE_2022_38028_31Fdb122 : FILE MEMORY CVE_2022_3802
 date = "2024-06-06"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Exploit_CVE_2022_38028.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Exploit_CVE_2022_38028.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6b311c0a977d21e772ac4e99762234da852bbf84293386fbe78622a96c0b052f"
 logic_hash = "df0ef11ce8e840c331d1db8f98917367dc2a33b6f1be48adb9d0b86729ecbe99"
 score = 75
@@ -93172,8 +93309,8 @@ rule ELASTIC_Linux_Ransomware_Conti_53A640F4 : FILE MEMORY
 date = "2022-09-22"
 modified = "2022-10-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_Conti.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_Conti.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8b57e96e90cd95fc2ba421204b482005fe41c28f506730b6148bcef8316a3201"
 logic_hash = "b83a47664d8acce7de17ac5972d9fd5e708c8cd3d8ebedc2bacf1397fd25f5d3"
 score = 75
@@ -93201,8 +93338,8 @@ rule ELASTIC_Linux_Ransomware_Conti_A89C26Cf : FILE MEMORY
 date = "2023-07-30"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_Conti.yar#L21-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_Conti.yar#L21-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "95776f31cbcac08eb3f3e9235d07513a6d7a6bf9f1b7f3d400b2cf0afdb088a7"
 logic_hash = "301f3f3ece06a1cd6788db6e3003497b27470780eaaad95f40ed926e7623793e"
 score = 75
@@ -93233,8 +93370,8 @@ rule ELASTIC_Windows_Backdoor_Teamviewer_Df8E7326 : FILE MEMORY
 date = "2022-10-29"
 modified = "2022-12-20"
 reference = "https://vms.drweb.com/virus/?i=8172096"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Backdoor_TeamViewer.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Backdoor_TeamViewer.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "68d9ffb6e00c2694d0d827108d0410d5a66d4f8cf839afddd17c5887b0149350"
 logic_hash = "3d42c76626c76959e450a81001c73d8d47b52789cab324e0cc7af09303c1367d"
 score = 75
@@ -93267,8 +93404,8 @@ rule ELASTIC_Linux_Rootkit_Adore_Fe3Fd09F : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Rootkit_Adore.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Rootkit_Adore.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f4e532b840e279daf3d206e9214a1b065f97deb7c1487a34ac5cbd7cbbf33e1a"
 logic_hash = "cc07efb9484562cd870649a38126f08aa4e99ed5ad4662ece0488d9ffd97520e"
 score = 75
@@ -93296,8 +93433,8 @@ rule ELASTIC_Windows_Trojan_Avemaria_31D2Bce9 : FILE MEMORY
 date = "2021-05-30"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_AveMaria.yar#L1-L31"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_AveMaria.yar#L1-L31"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5767bca39fa46d32a6cb69ef7bd1feaac949874768dac192dbf1cf43336b3d7b"
 logic_hash = "7ba59c3be07e35b415719b60b14a0f629619e5729c20f50f00dbea0c2f8bd026"
 score = 75
@@ -93337,8 +93474,8 @@ rule ELASTIC_Windows_Ransomware_Haron_A1C12E7E : FILE MEMORY
 date = "2021-08-03"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Haron.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Haron.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6e6b78a1df17d6718daa857827a2a364b7627d9bfd6672406ad72b276014209c"
 logic_hash = "84df5a13495acee5dc2007cf1d6e1828a832d46fcbad2ca8676643fd47756248"
 score = 75
@@ -93367,8 +93504,8 @@ rule ELASTIC_Windows_Ransomware_Haron_23B76Cb7 : FILE MEMORY
 date = "2021-08-03"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Haron.yar#L22-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Haron.yar#L22-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6e6b78a1df17d6718daa857827a2a364b7627d9bfd6672406ad72b276014209c"
 logic_hash = "e53c92be617444da0057680ee1ac45cbc1f707194281644bececa44e4ebe3580"
 score = 75
@@ -93397,8 +93534,8 @@ rule ELASTIC_Linux_Exploit_Criscras_Fc505C1D : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Criscras.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Criscras.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7399f6b8fbd6d6c6fb56ab350c84910fe19cc5da67e4de37065ff3d4648078ab"
 logic_hash = "4d84570c13c584fb7360e798df9f3e6039ee74fdb6ad597add0ea150e3deaa80"
 score = 75
@@ -93426,8 +93563,8 @@ rule ELASTIC_Windows_Vulndriver_Vmdrv_7C674F8E : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_Vmdrv.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_Vmdrv.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "32cccc4f249499061c0afa18f534c825d01034a1f6815f5506bf4c4ff55d1351"
 logic_hash = "87f29b861d5239c60e44541fe31ed90696068225b1b6d824dc9b06fcdb1597ae"
 score = 75
@@ -93457,8 +93594,8 @@ rule ELASTIC_Windows_Hacktool_Sharphound_5Adf9D6D : FILE MEMORY
 date = "2022-10-20"
 modified = "2022-11-24"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_SharpHound.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_SharpHound.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1f74ed6e61880d19e53cde5b0d67a0507bfda0be661860300dcb0f20ea9a45f4"
 logic_hash = "2c9f38187866985109a42ffdf8940b5d195aadd3815b2de952b190d4b0b95c3c"
 score = 75
@@ -93490,8 +93627,8 @@ rule ELASTIC_Windows_Ransomware_Makop_3Ac2C13C : FILE MEMORY
 date = "2021-08-05"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Makop.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Makop.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "854226fc4f5388d40cd9e7312797dd63739444d69a67e4126ef60817fa6972ad"
 logic_hash = "3fa7c506010a87ac97f415db32c21af091dff26fd912a8f9f5bb5e8d43a8da9e"
 score = 75
@@ -93519,8 +93656,8 @@ rule ELASTIC_Windows_Ransomware_Makop_3E388338 : FILE MEMORY
 date = "2021-08-05"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Makop.yar#L21-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Makop.yar#L21-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "854226fc4f5388d40cd9e7312797dd63739444d69a67e4126ef60817fa6972ad"
 logic_hash = "5a6e5fd725f3d042c0c95b42ad00c93965a49aa6bda6ec5383a239f18d74742e"
 score = 75
@@ -93553,8 +93690,8 @@ rule ELASTIC_Linux_Exploit_Courier_190258Dd : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Courier.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Courier.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "349866d0fb81d07a35b53eac6f11176721629bbd692526851e483eaa83d690c3"
 logic_hash = "c318d78a11a021334c84a21db2be6d7df57440a1f3ad6feaaff9cc95ebf6f716"
 score = 75
@@ -93582,8 +93719,8 @@ rule ELASTIC_Linux_Trojan_Asacub_D3C4Aa41 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Asacub.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Asacub.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "15044273a506f825859e287689a57c6249b01bb0a848f113c946056163b7e5f1"
 logic_hash = "3645e10e5ef8c50e5e82d749da07f5669c5162cb95aa5958ce45a414b870f619"
 score = 75
@@ -93611,8 +93748,8 @@ rule ELASTIC_Linux_Trojan_Bluez_50E87Fa9 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-09-16"
 reference = "1e526b6e3be273489afa8f0a3d50be233b97dc07f85815cc2231a87f5a651ef1"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Bluez.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Bluez.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "53754c538a7dea6f06e37980901350feddc3517821ea42544cb96e371709752f"
 score = 75
 quality = 75
@@ -93639,8 +93776,8 @@ rule ELASTIC_Windows_Ransomware_Blackbasta_494D3C54 : FILE MEMORY
 date = "2022-08-06"
 modified = "2022-08-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_BlackBasta.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_BlackBasta.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "357fe8c56e246ffacd54d12f4deb9f1adb25cb772b5cd2436246da3f2d01c222"
 logic_hash = "1ecb3c95a2d3f91d267f0b625fffc8477612fde9de3942eff8eb13115c0af6b8"
 score = 75
@@ -93676,8 +93813,8 @@ rule ELASTIC_Windows_Ransomware_Royal_B7D42109 : FILE MEMORY
 date = "2022-11-04"
 modified = "2022-12-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Royal.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Royal.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "491c2b32095174b9de2fd799732a6f84878c2e23b9bb560cd3155cbdc65e2b80"
 logic_hash = "06f4a1487e97e0b8c1f5df380ab4f90b37ef0a508aba7dac272c16c8371d8143"
 score = 75
@@ -93708,8 +93845,8 @@ rule ELASTIC_Multi_Hacktool_Nps_C6Eb4A27 : FILE MEMORY
 date = "2024-01-24"
 modified = "2024-01-29"
 reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Multi_Hacktool_Nps.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Multi_Hacktool_Nps.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4714e8ad9c625070ca0a151ffc98d87d8e5da7c8ef42037ca5f43baede6cfac1"
 logic_hash = "53baf04f4ab8967761c6badb24f6632cc1bf4a448abf0049318b96855f30feea"
 score = 75
@@ -93742,8 +93879,8 @@ rule ELASTIC_Multi_Hacktool_Nps_F76F257D : FILE MEMORY
 date = "2024-01-24"
 modified = "2024-01-29"
 reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Multi_Hacktool_Nps.yar#L27-L50"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Multi_Hacktool_Nps.yar#L27-L50"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "80721b20a8667536a33fca50236f5c8e0c0d07aa7805b980e40818ab92cd9f4a"
 logic_hash = "0bbd7f86bfd2967dc390510c2e403d05e1b56551b965ea716b9e5330f75c9bd5"
 score = 75
@@ -93775,8 +93912,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_83715433 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3648a407224634d76e82eceec84250a7506720a7f43a6ccf5873f478408fedba"
 logic_hash = "7a7328322c2c1e128e267e92de0964e78ad9f49b7de8ec69d7f0632c69723a7d"
 score = 75
@@ -93804,8 +93941,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_28A2Fe0C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L21-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L21-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "04bbc6c40cdd71b4185222a822d18b96ec8427006221f213a1c9e4d9c689ce5c"
 score = 75
 quality = 73
@@ -93832,8 +93969,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Eb96Cc26 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L40-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L40-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "440318179ba2419cfa34ea199b49ee6bdecd076883d26329bbca6dca9d39c500"
 logic_hash = "3d8740a6cca4856a73ea745877a3eb39cbf3ad4ca612daabd197f551116efa04"
 score = 75
@@ -93861,8 +93998,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_5008Aee6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L60-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L60-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b32cd71fcfda0a2fcddad49d8c5ba8d4d68867b2ff2cb3b49d1a0e358346620c"
 logic_hash = "538bae17dcf0298e379f656e1dba794b75af6c7448a23253a51994bde9d30524"
 score = 75
@@ -93890,8 +94027,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6321B565 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L80-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L80-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "cd48addd392e7912ab15a5464c710055f696990fab564f29f13121e7a5e93730"
 logic_hash = "ad5c73ab68059101acf2fd8cfb3d676fd1ff58811e1c4b9008c291361ee951b8"
 score = 75
@@ -93919,8 +94056,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A6A2Adb9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L100-L118"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L100-L118"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df"
 logic_hash = "8f5fc4cb1ad51178701509a44a793e119fe7e7fad97eafcac8be14fce64e3b7b"
 score = 75
@@ -93948,8 +94085,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_C573932B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L120-L138"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L120-L138"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68"
 logic_hash = "174a3fcebc1e17cc35ddc11fde1798164b5783fc51fdf16581a9690c3b4d6549"
 score = 75
@@ -93977,8 +94114,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A10161Ce : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L140-L157"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L140-L157"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "12ba13a746300d1ab1d0386b86ec224eebf4e6d0b3688495c2fee6a7eccc361d"
 score = 75
 quality = 75
@@ -94005,8 +94142,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Ae01D978 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L159-L176"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L159-L176"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "c6c22b11dc1f0d4996e5da92c6edf58b7d21d7be40da87ddd39ed0e2d4c84072"
 score = 75
 quality = 75
@@ -94033,8 +94170,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9E9530A7 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L178-L196"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L178-L196"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961"
 logic_hash = "6a5a80e58c86a80f8954e678a2cc26b258d7d7c50047a3e71f3580f1780e3454"
 score = 75
@@ -94062,8 +94199,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_5Bf62Ce4 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L198-L216"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L198-L216"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68"
 logic_hash = "848e0c796584cfa21afc182da5f417f5467ae84c74f52cabc13e0f5de4990232"
 score = 75
@@ -94091,8 +94228,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_F3D83A74 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L218-L236"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L218-L236"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df"
 logic_hash = "2db46180e66c9268a97d63cd1c4eb8439e6882b4e3277bc4848e940e4d25482f"
 score = 75
@@ -94120,8 +94257,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_807911A2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L238-L255"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L238-L255"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "66b15304d5ed22daea666bd0e2b18726b8a058361ff8d69b974bfded933a4d8c"
 score = 75
 quality = 75
@@ -94148,8 +94285,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9C18716C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L257-L274"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L257-L274"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "0e70dc82b2049a6f5efcc501e18e6f87e04a2d50efcb5143240c68c4a924de52"
 score = 75
 quality = 75
@@ -94176,8 +94313,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Fbed4652 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L276-L294"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L276-L294"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2ea21358205612f5dc0d5f417c498b236c070509531621650b8c215c98c49467"
 logic_hash = "fc1f501123ab7421034e183186b077f65838b475f883d4ff04e8fc8a283424ef"
 score = 75
@@ -94205,8 +94342,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_94A44Aa5 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L296-L314"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L296-L314"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a7694202f9c32a9d73a571a30a9e4a431d5dfd7032a500084756ba9a48055dba"
 logic_hash = "deb46c2960dc4868b7bac1255d8753895950bc066dec03674a714860ff72ef2c"
 score = 60
@@ -94234,8 +94371,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_E0673A90 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L316-L334"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L316-L334"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6"
 logic_hash = "149147eedd66f9ca2dad9cb69f37abc849d44331ec1b5d2917ab3867ced0b274"
 score = 75
@@ -94263,8 +94400,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_821173Df : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L336-L354"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L336-L354"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "de7d1aff222c7d474e1a42b2368885ef16317e8da1ca3a63009bf06376026163"
 logic_hash = "1c6c7666983c43176aa1a9628fb4352f8f11729e02dda13669ca2e62aed5f4ee"
 score = 75
@@ -94292,8 +94429,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_31796A40 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L356-L374"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L356-L374"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "227c7f13f7bdadf6a14cc85e8d2106b9d69ab80abe6fc0056af5edef3621d4fb"
 logic_hash = "0e0e901d12edd77e77a205f8547f891f483fc8676493e9b7a324e970225af3c9"
 score = 75
@@ -94321,8 +94458,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_750Fe002 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L376-L394"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L376-L394"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68"
 logic_hash = "eb9907d8a63822c2e3ab57d43dca8ede7876610f029e2f9c10c9eeace9ea0078"
 score = 75
@@ -94350,8 +94487,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6122Acdf : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L396-L413"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L396-L413"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "140b32a8f2b7493b068e63a05b3d9baec6ec14c9f2062c7e760dde96335e29f1"
 score = 75
 quality = 75
@@ -94378,8 +94515,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A0A4De11 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L415-L433"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L415-L433"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "cf1ca1d824c8687e87a5b0275a0e39fa101442b4bbf470859ddda9982f9b3417"
 logic_hash = "220c6ba82b906f070123b3bae9aafa72c0fb3bc8d5858a4f4bd65567076eb73d"
 score = 75
@@ -94407,8 +94544,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A473Dcb6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L435-L453"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L435-L453"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7ba74e3cb0d633de0e8dbe6cfc49d4fc77dd0c02a5f1867cc4a1f1d575def97d"
 logic_hash = "106ee9cd9c368674ae08b835f54dbb6918b553e3097aae9b0de88f55420f046b"
 score = 75
@@ -94436,8 +94573,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_30444846 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L455-L473"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L455-L473"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c84b81d79d437bb9b8a6bad3646aef646f2a8e1f1554501139648d2f9de561da"
 logic_hash = "26bc95efb2ea69fece52cf3ab38ce35891c77fc0dac3e26e5580ba3a88e112e9"
 score = 75
@@ -94465,8 +94602,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Ea92Cca8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L475-L492"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L475-L492"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "5a9598b3fd37b15444063403a481df1a43894ddcbbd343961e1c770cb74180c9"
 score = 75
 quality = 73
@@ -94493,8 +94630,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D4227Dbf : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L494-L512"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L494-L512"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961"
 logic_hash = "7953b8d08834315a6ca2c0c8ac1ec7b74a6ffcb71cec4fc053c24e1b59232c0c"
 score = 75
@@ -94522,8 +94659,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_09C3070E : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L514-L532"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L514-L532"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df"
 logic_hash = "f8f8e8883cf1e51fbaef81b8334ac5fa45a54682d285282da62c80e4aa50a48d"
 score = 75
@@ -94551,8 +94688,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Fa19B8Fc : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L534-L552"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L534-L552"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a7cfc16ec33ec633cbdcbff3c4cefeed84d7cbe9ca1f4e2a3b3e43d39291cd6b"
 logic_hash = "cddf3b9948b9bc685ff7d4c00377d0f80861169707777022297e549bd166dbf0"
 score = 75
@@ -94580,8 +94717,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Eaa9A668 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L554-L572"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L554-L572"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "409c55110d392aed1a9ec98a6598fb8da86ab415534c8754aa48e3949e7c4b62"
 logic_hash = "05e9047342a9d081a09f8514f0ec32d72bc43a286035014ada90b0243f92cfa8"
 score = 75
@@ -94609,8 +94746,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_46Eec778 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L574-L592"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L574-L592"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1"
 logic_hash = "08e77a31005e14a06197857301e22d20334c1f2ef7fc06a4208643438377f4c4"
 score = 75
@@ -94638,8 +94775,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_F51C5Ac3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L594-L612"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L594-L612"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "899c072730590003b98278bdda21c15ecaa2f49ad51e417ed59e88caf054a72d"
 logic_hash = "e82b5ddb760d5bdcd146e1de12ec34c4764e668543420765146e22dee6f5732b"
 score = 75
@@ -94667,8 +94804,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_71E487Ea : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L614-L632"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L614-L632"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b8d044f2de21d20c7e4b43a2baf5d8cdb97fba95c3b99816848c0f214515295b"
 logic_hash = "3de9e0e3334e9e6e5906886f95ff8ce3596f85772dc25021fb0ee148281cf81c"
 score = 75
@@ -94696,8 +94833,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6620Ec67 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L634-L652"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L634-L652"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b91eb196605c155c98f824abf8afe122f113d1fed254074117652f93d0c9d6b2"
 logic_hash = "2df2c8cdc2cb545f916159d44a800708b55a2993cd54a4dcf920a6a8dc6361e7"
 score = 75
@@ -94725,8 +94862,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D996D335 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L654-L672"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L654-L672"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda"
 logic_hash = "212c75ab61eac8b3ed2049966628dfc81ae5a620b4a4b38aaa0696d594910dea"
 score = 75
@@ -94754,8 +94891,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D0C57A2E : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L674-L691"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L674-L691"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "2ac51f0943d573fdc9a39837aeefd9158c27a4b3f35fbbb0a058a88392a53c14"
 score = 75
 quality = 75
@@ -94782,8 +94919,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_751Acb94 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L693-L710"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L693-L710"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "1963351d209168f4ae2268d245cfd5320e4442d00746d021088ffae98e5da454"
 score = 75
 quality = 75
@@ -94810,8 +94947,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_656Bf077 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L712-L730"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L712-L730"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6"
 logic_hash = "0c9728304e720eb2cd00afad8d16f309514473dece48fa94af6a72ca41705a36"
 score = 75
@@ -94839,8 +94976,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_E6D75E6F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L732-L750"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L732-L750"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "48b15093f33c18778724c48c34199a420be4beb0d794e36034097806e1521eb8"
 logic_hash = "339dd33a3313a4a94d2515cd4c2100ac6b9d5e0029881494c28dc3e7c8a05798"
 score = 75
@@ -94868,8 +95005,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_7167D08F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L752-L770"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L752-L770"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68"
 logic_hash = "88c07bf06801192f38ef66229a0aa5c1ef6242caeb080ce1c7cd13ad0d540c82"
 score = 75
@@ -94897,8 +95034,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_27De1106 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L772-L790"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L772-L790"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "899c072730590003b98278bdda21c15ecaa2f49ad51e417ed59e88caf054a72d"
 logic_hash = "4e266e1ae31d7d86866b112a04ca38c0a8185c18ebb10ac6497bbaa69f51b2fd"
 score = 75
@@ -94926,8 +95063,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_148B91A2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L792-L810"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L792-L810"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d5b2bde0749ff482dc2389971e2ac76c4b1e7b887208a538d5555f0fe6984825"
 logic_hash = "1a974c0882c2d088c978a52e5b535807c86f117cf2f05c40c084e849b1849f5b"
 score = 75
@@ -94955,8 +95092,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_20F5E74F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L812-L830"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L812-L830"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9084b00f9bb71524987dc000fb2bc6f38e722e2be2832589ca4bb1671e852f5b"
 logic_hash = "067f1c15961c1ddceecb490b338db9f5b8501d89b38e870edfa628d21527dc1c"
 score = 75
@@ -94984,8 +95121,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_1B2E2A3A : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L832-L850"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L832-L850"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "899c072730590003b98278bdda21c15ecaa2f49ad51e417ed59e88caf054a72d"
 logic_hash = "6f40f868d20f0125721eb2a7934b356d69b695d4a558155a2ddcd0107d3f8c30"
 score = 75
@@ -95013,8 +95150,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_620087B9 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L852-L870"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L852-L870"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961"
 logic_hash = "411451ea326498a25af8be5cd43fe0b98973af354706268c89828b88ece5e497"
 score = 75
@@ -95042,8 +95179,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Dd0D6173 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L872-L890"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L872-L890"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c5a317d0d8470814ff343ce78ad2428ebb3f036763fcf703a589b6c4d33a3ec6"
 logic_hash = "7061edef1981e2b93bcdd8be47c0f6067acc140a543eed748bf0513f182e0a59"
 score = 75
@@ -95071,8 +95208,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_779E142F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L892-L910"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L892-L910"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df"
 logic_hash = "80ba5a1cf333fafc6a1d7823ca4a8d5c30c1c07a01d6d681c22dd29e197089f1"
 score = 75
@@ -95100,8 +95237,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Cf84C9F2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L912-L930"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L912-L930"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df"
 logic_hash = "9af164ece7e7e0f33dc32f18735a8f655593ae6cde34e05108f3221b71aa8676"
 score = 75
@@ -95129,8 +95266,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_0Cd591Cd : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L932-L949"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L932-L949"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "4300bdd173dfb33ca34c0f2fe4fa6ee071e99d5db201262e914721aad0ad433b"
 score = 75
 quality = 75
@@ -95157,8 +95294,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_859042A0 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L951-L969"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L951-L969"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "41615d3f3f27f04669166fdee3996d77890016304ee87851a5f90804d6d4a0b0"
 logic_hash = "b8daa4a136a6511472703687fe56fbca2bd005a1373802a46c8d211b6d039d75"
 score = 75
@@ -95186,8 +95323,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_33B4111A : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L971-L989"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L971-L989"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961"
 logic_hash = "a08c0f7be26e2e9abfaa392712895bb3ce1d12583da4060ebe41e1a9c1491b7c"
 score = 75
@@ -95215,8 +95352,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_4F43B164 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L991-L1009"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L991-L1009"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f0fdb3de75f85e199766bbb39722865cac578cde754afa2d2f065ef028eec788"
 logic_hash = "79a17e70e9b7af6e53f62211c33355a4c46a82e7c4e80c20ffe9684e24155808"
 score = 75
@@ -95244,8 +95381,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_E4A1982B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1011-L1028"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1011-L1028"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "4cd7aa205b3571cffca208e315d6311fa92a5993e2a8e40d342d6184811f42f0"
 score = 75
 quality = 75
@@ -95272,8 +95409,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_862C4E0E : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1030-L1048"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1030-L1048"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9526277255a8d632355bfe54d53154c9c54a4ab75e3ba24333c73ad0ed7cadb1"
 logic_hash = "a1dce44e76f9d2a517c4849c58dfecb07e1ef0d78fddff10af601184d636583f"
 score = 75
@@ -95301,8 +95438,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9127F7Be : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1050-L1068"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1050-L1068"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "899c072730590003b98278bdda21c15ecaa2f49ad51e417ed59e88caf054a72d"
 logic_hash = "2b1fa115598561e081dfb9b5f24f6728b0d52cb81ac7933728d81646f461bcae"
 score = 75
@@ -95330,8 +95467,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_0E03B7D3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1070-L1087"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1070-L1087"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "845be03fac893f8e914aabda5206000dc07947ade0b8f46cc5d58d8458f035f6"
 score = 75
 quality = 75
@@ -95358,8 +95495,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_32Eb0C81 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1089-L1107"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1089-L1107"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "275cbd5d3b3d8c521649b95122d90d1ca9b7ae1958b721bdc158aaa2d31d49df"
 logic_hash = "a06d9e1190ba79b0e19cab7468f01a49359629a6feb27b7d72f3d1d52d1483d7"
 score = 75
@@ -95387,8 +95524,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9Abf7E0C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1109-L1126"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1109-L1126"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "00276330e388d07368577c4134343cb9fc11957dba6cff5523331199f1ed04aa"
 score = 75
 quality = 75
@@ -95415,8 +95552,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_33801844 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1128-L1146"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1128-L1146"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2ceff60e88c30c02c1c7b12a224aba1895669aad7316a40b575579275b3edbb3"
 logic_hash = "20b8ebce14776e48310be099afd0dca0f28778d0024318b339b75e2689f70128"
 score = 75
@@ -95444,8 +95581,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_A33A8363 : FILE MEMORY
  date = "2021-01-12"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1148-L1165"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1148-L1165"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  logic_hash = "3fe17dc43f07dacdad6ababf141983854b977e244c0af824fea0ab953ad70fee"
  score = 75
  quality = 75
@@ -95472,8 +95609,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_9A62845F : FILE MEMORY
  date = "2021-01-12"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1167-L1185"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1167-L1185"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "f67f8566beab9d7494350923aceb0e76cd28173bdf2c4256e9d45eff7fc8cb41"
  logic_hash = "b3ab125c8bfb5b7a0be0e92cf5a50057e403ab3597698ec2e7a8bafa0d3a8b80"
  score = 75
@@ -95501,8 +95638,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_4D81Ad42 : FILE MEMORY
  date = "2021-04-06"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1187-L1205"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1187-L1205"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "3021a861e6f03df3e7e3919e6255bdae6e48163b9a8ba4f1a5c5dced3e3e368b"
  logic_hash = "57b54eed37690949ba2d4eff713691f16f00207d7b374beb7dfa2e368588dbb0"
  score = 75
@@ -95530,8 +95667,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6A510422 : FILE MEMORY
  date = "2021-06-28"
  modified = "2021-09-16"
  reference = "14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1207-L1225"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1207-L1225"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  logic_hash = "4384536817bf5df223d4cf145892b7714f2dbd1748930b6cd43152d4e35c9e56"
  score = 75
  quality = 75
@@ -95558,8 +95695,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D2953F92 : FILE MEMORY
  date = "2021-06-28"
  modified = "2021-09-16"
  reference = "14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1227-L1245"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1227-L1245"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  logic_hash = "d0af462d26f6ffe469c57d63f1f7d551e3fb9cc39c7e4c35b3e71f659c01c076"
  score = 75
  quality = 75
@@ -95586,8 +95723,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_6Ae4B580 : FILE MEMORY
  date = "2021-06-28"
  modified = "2021-09-16"
  reference = "14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1247-L1265"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1247-L1265"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  logic_hash = "eb0fe44df1c995c5d4e3a361c3e466f78cb70bffbc76d1b7b345ee651b313b9e"
  score = 75
  quality = 75
@@ -95614,8 +95751,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D608Cf3B : FILE MEMORY
  date = "2021-06-28"
  modified = "2021-09-16"
  reference = "14cc92b99daa0c91aa09d9a7996ee5549a5cacd7be733960b2cf3681a7c2b628"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1267-L1285"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1267-L1285"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  logic_hash = "ad5b7d32c85adc7f778a8f4815e595b90a6f15dec048bcf97c6ab179582eb4f7"
  score = 75
  quality = 75
@@ -95642,8 +95779,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_3F8Cf56E : FILE MEMORY
  date = "2021-06-28"
  modified = "2021-09-16"
  reference = "1878f0783085cc6beb2b81cfda304ec983374264ce54b6b98a51c09aea9f750d"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1287-L1305"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1287-L1305"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  logic_hash = "b2cf8b1913a88e6a6346f0ac8cd2e7c33b41d44bf60ff7327ae40a2d54748bd9"
  score = 75
  quality = 75
@@ -95670,8 +95807,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Fb14E81F : FILE MEMORY
  date = "2022-01-05"
  modified = "2022-01-26"
  reference = "0fd07e6068a721774716eb4940e2c19faef02d5bdacf3b018bf5995fa98a3a27"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1307-L1325"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1307-L1325"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  logic_hash = "2efb958c269640c374485502611372f4404cf35d7ab704d20ce37b8c1f69645d"
  score = 75
  quality = 75
@@ -95698,8 +95835,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_E09726Dc : FILE MEMORY
  date = "2022-01-05"
  modified = "2022-01-26"
  reference = "1e64187b5e3b5fe71d34ea555ff31961404adad83f8e0bd1ce0aad056a878d73"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1327-L1345"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1327-L1345"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  logic_hash = "ebd00e593a7fcd46e36fd0ca213e1f82c0f4a94448b6fd605d35cea45a490493"
  score = 75
  quality = 75
@@ -95726,8 +95863,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_Ad12B9B6 : FILE MEMORY
  date = "2022-01-05"
  modified = "2022-01-26"
  reference = "f0411131acfddb40ac8069164ce2808e9c8928709898d3fb5dc88036003fe9c8"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1347-L1365"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1347-L1365"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  logic_hash = "72a85d14eb8ab78364ea2e8b89d9409c0046b14602f4a3415d829f4985fb2de3"
  score = 75
  quality = 75
@@ -95754,8 +95891,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_0535Ebf7 : FILE MEMORY
  date = "2022-09-12"
  modified = "2022-10-18"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1367-L1385"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1367-L1385"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "77e18bb5479b644ba01d074057c9e2bd532717f6ab3bb88ad2b7497b85d2a5de"
  logic_hash = "eb574468e9d371def0da74e6aba827272181399a84388a14ffb167ec6ebd40d1"
  score = 75
@@ -95783,8 +95920,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_32A7Edd2 : FILE MEMORY
  date = "2022-09-12"
  modified = "2022-10-18"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1387-L1405"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1387-L1405"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "79a75c8aa5aa0d1edef5965e1bcf8ba2f2a004a77833a74870b8377d7fde89cf"
  logic_hash = "af26549c1cad0975735e2c233bc71e5e1b0e283d02552fdaea02656332ecd854"
  score = 75
@@ -95812,8 +95949,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_D7F35B54 : FILE MEMORY
  date = "2022-09-12"
  modified = "2022-10-18"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1407-L1425"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1407-L1425"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "79a75c8aa5aa0d1edef5965e1bcf8ba2f2a004a77833a74870b8377d7fde89cf"
  logic_hash = "d827e21c09b8dce65db293aa57b39f49f034537bb708471989ad64e653c479be"
  score = 75
@@ -95841,8 +95978,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_F11E98Be : FILE MEMORY
  date = "2022-09-12"
  modified = "2022-10-18"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1427-L1445"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1427-L1445"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "79a75c8aa5aa0d1edef5965e1bcf8ba2f2a004a77833a74870b8377d7fde89cf"
  logic_hash = "9b9122f0897610dff6b37446b3cecbfcec3dce8dc7e1934e78cc32d5f6ac9648"
  score = 75
@@ -95870,8 +96007,8 @@ rule ELASTIC_Linux_Trojan_Gafgyt_8D4E4F4A : FILE MEMORY
  date = "2022-09-12"
  modified = "2022-10-18"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gafgyt.yar#L1447-L1465"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gafgyt.yar#L1447-L1465"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "79a75c8aa5aa0d1edef5965e1bcf8ba2f2a004a77833a74870b8377d7fde89cf"
  logic_hash = "11ee101a936f8e6949701e840ef48a0fe102099ea3b71c790b9a5128e5c59029"
  score = 75
@@ -95899,8 +96036,8 @@ rule ELASTIC_Linux_Ransomware_Akira_02237952 : FILE MEMORY
  date = "2023-07-28"
  modified = "2024-02-13"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_Akira.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_Akira.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "1d3b5c650533d13c81e325972a912e3ff8776e36e18bca966dae50735f8ab296"
  logic_hash = "a9b3cdddb3387251d7da90f32b08b9c1eedcdff1fe90d51f4732183666a6d467"
  score = 75
@@ -95931,8 +96068,8 @@ rule ELASTIC_Windows_Trojan_Farfli_85D1Bcc9 : FILE MEMORY
  date = "2022-02-17"
  modified = "2022-04-12"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Farfli.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Farfli.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "e3e9ea1b547cc235e6f1a78b4ca620c69a54209f84c7de9af17eb5b02e9b58c3"
  logic_hash = "746eb5a2583077189d82d1a96b499ff383f31220845bd8a6df5b7a7ceb11e6fb"
  score = 75
@@ -95960,8 +96097,8 @@ rule ELASTIC_Macos_Hacktool_Bifrost_39Bcbdf8 : FILE MEMORY
  date = "2021-10-12"
  modified = "2021-10-25"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Hacktool_Bifrost.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Hacktool_Bifrost.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "e2b64df0add316240b010db7d34d83fc9ac7001233259193e5a72b6e04aece46"
  logic_hash = "a2ff4f1aca51e80f2b277e9171e99a80a75177d1d17d487de2eb8872832cb0d5"
  score = 75
@@ -95997,8 +96134,8 @@ rule ELASTIC_Linux_Cryptominer_Ccminer_18Fc60E5 : FILE MEMORY
  date = "2021-01-12"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Ccminer.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Ccminer.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "dbb403a00c75ef2a74b41b8b58d08a6749f37f922de6cc19127a8f244d901c60"
  logic_hash = "75db45ccbeb558409ee9398065591472d4aee0382be5980adb9d0fb41e557789"
  score = 75
@@ -96026,8 +96163,8 @@ rule ELASTIC_Linux_Cryptominer_Ccminer_3C593Bc3 : FILE MEMORY
  date = "2021-01-12"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Ccminer.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Ccminer.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "dbb403a00c75ef2a74b41b8b58d08a6749f37f922de6cc19127a8f244d901c60"
  logic_hash = "94a0d33b474b3c60e926eaf06147eb0fdc56beac525f25326448bf2a5177d9c0"
  score = 75
@@ -96055,8 +96192,8 @@ rule ELASTIC_Linux_Exploit_CVE_2017_100011_21025F50 : FILE MEMORY CVE_2017_10001
  date = "2021-01-12"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2017_100011.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2017_100011.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "32db88b2c964ce48e6d1397ca655075ea54ce298340af55ea890a2411a67d554"
  logic_hash = "3ec54a7639ccfc019e01fa287f69a93af57087e2d67d0c8574a646afb9043db5"
  score = 75
@@ -96084,8 +96221,8 @@ rule ELASTIC_Windows_Vulndriver_Microstar_D72B85B2 : FILE
  date = "2022-04-07"
  modified = "2022-04-07"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_MicroStar.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_MicroStar.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "3ed15a390d8dfbd8a8fb99e8367e19bfd1cced0e629dfe43ccdb46c863394b59"
  logic_hash = "04e9c1f318acae5544cdc826938383bf8f6c6b838cb5828a7097383ac564f404"
  score = 75
@@ -96115,8 +96252,8 @@ rule ELASTIC_Windows_Trojan_Buerloader_C8A60F46 : FILE MEMORY
  date = "2021-08-16"
  modified = "2021-10-04"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Buerloader.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Buerloader.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "3abed86f46c8be754239f8c878f035efaae91c33b8eb8818c5bbed98c4d9a3ac"
  logic_hash = "d11b117efc10547e77ce8979f8a1d42f34937101e58a0e36228baa37cd30d2aa"
  score = 75
@@ -96149,8 +96286,8 @@ rule ELASTIC_Linux_Trojan_Kinsing_196523Fa : FILE MEMORY
  date = "2021-01-12"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Kinsing.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Kinsing.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  logic_hash = "baa5808fcf22700ae96844dbf8cb3bec52425eec365d2ba4c71b73ece11a69a2"
  score = 75
  quality = 75
@@ -96177,8 +96314,8 @@ rule ELASTIC_Linux_Trojan_Kinsing_7Cdbe9Fa : FILE MEMORY
  date = "2021-12-13"
  modified = "2022-01-26"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Kinsing.yar#L20-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Kinsing.yar#L20-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "b3527e3d03a30fcf1fdaa73a1b3743866da6db088fbfa5f51964f519e22d05e6"
  logic_hash = "c6f5d2cf0430301ec0eae57808100203b69428f258e0e6882fecbc762d73f4bf"
  score = 75
@@ -96206,8 +96343,8 @@ rule ELASTIC_Linux_Trojan_Kinsing_2C1Ffe78 : FILE MEMORY
  date = "2021-12-13"
  modified = "2022-01-26"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Kinsing.yar#L40-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Kinsing.yar#L40-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "b3527e3d03a30fcf1fdaa73a1b3743866da6db088fbfa5f51964f519e22d05e6"
  logic_hash = "9561511710eef5877c5afa49890b77fbad31a6e312b5cd33fc01f91ff2a73583"
  score = 75
@@ -96235,8 +96372,8 @@ rule ELASTIC_Linux_Trojan_Kinsing_85276Fb4 : FILE MEMORY
  date = "2021-12-13"
  modified = "2022-01-26"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Kinsing.yar#L60-L78"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Kinsing.yar#L60-L78"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "b3527e3d03a30fcf1fdaa73a1b3743866da6db088fbfa5f51964f519e22d05e6"
  logic_hash = "6919afd133e7e369eece10ea79d9d17a1a3fbb6210593395e0be157f8c262811"
  score = 75
@@ -96264,8 +96401,8 @@ rule ELASTIC_Windows_Hacktool_Sharpup_E5C87C9A : FILE MEMORY
  date = "2022-10-20"
  modified = "2022-11-24"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_SharpUp.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_SharpUp.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "45e92b991b3633b446473115f97366d9f35acd446d00cd4a05981a056660ad27"
  logic_hash = "62e9aafd308aacbc7a124c707e230c5a9ffde4f6929a5feada5497e3eae7668c"
  score = 75
@@ -96299,8 +96436,8 @@ rule ELASTIC_Linux_Virus_Rst_1214E2Ae : FILE MEMORY
  date = "2021-04-06"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Virus_Rst.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Virus_Rst.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "b0e4f44d2456960bb6b20cb468c4ca1390338b83774b7af783c3d03e49eebe44"
  logic_hash = "82de4a97f414d591daba2d5d49b941ec4c51d6a6af36f97f062eaac5c74ebe30"
  score = 75
@@ -96328,8 +96465,8 @@ rule ELASTIC_Linux_Hacktool_Aduh_6Cae7C78 : FILE MEMORY
  date = "2021-04-06"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Aduh.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Aduh.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "9c67207546ad274dc78a0819444d1c8805537f9ac36d3c53eba9278ed44b360c"
  logic_hash = "130df108de5b6cdfb9227f96301bdaa1e272d47b8cb9ad96c3aa574bf65870b2"
  score = 75
@@ -96357,8 +96494,8 @@ rule ELASTIC_Linux_Exploit_Sorso_Ecf99F8F : FILE MEMORY
  date = "2021-04-06"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Sorso.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Sorso.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "c0f0a7b45fb91bc18264d901c20539dd32bc03fa5b7d839a0ef5012fb0d895cd"
  logic_hash = "c771ff109e548e37134cd76ac668f0d4abafcf262de12b00236ad94fc11a99d1"
  score = 75
@@ -96386,8 +96523,8 @@ rule ELASTIC_Linux_Exploit_Sorso_91A4D487 : FILE MEMORY
  date = "2021-04-06"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Sorso.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Sorso.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "c0f0a7b45fb91bc18264d901c20539dd32bc03fa5b7d839a0ef5012fb0d895cd"
  logic_hash = "bb58c78ae3cc730aa1ef32974f65adabd63972ef181696aeb79954f904f2f405"
  score = 75
@@ -96415,8 +96552,8 @@ rule ELASTIC_Linux_Exploit_Sorso_61Eae7Dd : FILE MEMORY
  date = "2021-04-06"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Sorso.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Sorso.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "c0f0a7b45fb91bc18264d901c20539dd32bc03fa5b7d839a0ef5012fb0d895cd"
  logic_hash = "a8bc8a2c8405b80b160ad21898003781405a762c0e627f13b34e9362e0aa51a1"
  score = 75
@@ -96444,8 +96581,8 @@ rule ELASTIC_Linux_Trojan_Truncpx_894D60F8 : FILE MEMORY
  date = "2021-04-06"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Truncpx.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Truncpx.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "2f09f2884fd5d3f5193bfc392656005bce6b935c12b3049ac8eb96862e4645ba"
  logic_hash = "9bc0a7fbddac532b53c72681f349bca0370b1fe6fb2d16f539560085b3ec4be3"
  score = 75
@@ -96473,8 +96610,8 @@ rule ELASTIC_Linux_Exploit_Foda_F41E9Ef9 : FILE MEMORY
  date = "2021-04-06"
  modified = "2021-09-16"
  reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Foda.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Foda.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
  hash = "6059a6dd039b5efa36ce97acbb01406128aaf6062429474e422624ee69783ca8"
  logic_hash = "7b15fef304b91601a76c6fcf48a892105d6eedf5a3e2395ab7c2937a84709d9f"
  score = 75
@@ -96502,8 +96639,8 @@ rule ELASTIC_Windows_Trojan_Icedid_1Cd868A6 : FILE MEMORY
 date = "2021-02-28"
 modified = "2021-08-23"
 reference = "https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_IcedID.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_IcedID.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "68dce9f214e7691db77a2f03af16a669a3cb655699f31a6c1f5aaede041468ff"
 logic_hash = "4765b2b1d463f09d7e21367c2832b3ad668aa67d8078798a14295b6e6c846c1c"
 score = 75
@@ -96531,8 +96668,8 @@ rule ELASTIC_Windows_Trojan_Icedid_237E9Fb6 : FILE MEMORY
 date = "2021-02-28"
 modified = "2021-08-23"
 reference = "https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_IcedID.yar#L23-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_IcedID.yar#L23-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b21f9afc6443548427bf83b5f93e7a54ac3af306d9d71b8348a6f146b2819457"
 logic_hash = "31479eae077b2d78cb1770eef3b37bec941f35c9ceb329e01dd65a32e785fa74"
 score = 75
@@ -96560,8 +96697,8 @@ rule ELASTIC_Windows_Trojan_Icedid_F1Ce2F0A : FILE MEMORY
 date = "2021-02-28"
 modified = "2021-08-23"
 reference = "https://www.fireeye.com/blog/threat-research/2021/02/melting-unc2198-icedid-to-ransomware-operations.html"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_IcedID.yar#L45-L65"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_IcedID.yar#L45-L65"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b21f9afc6443548427bf83b5f93e7a54ac3af306d9d71b8348a6f146b2819457"
 logic_hash = "a1f1824a7208201616dde40bea514dfc2cdf908bd8ed24b9f96c2bcad2c8107f"
 score = 75
@@ -96589,8 +96726,8 @@ rule ELASTIC_Windows_Trojan_Icedid_08530E24 : FILE MEMORY
 date = "2021-03-21"
 modified = "2021-08-23"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_IcedID.yar#L67-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_IcedID.yar#L67-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "31db92c7920e82e49a968220480e9f130dea9b386083b78a79985b554ecdc6e4"
 logic_hash = "a63511edde9d873e184ddb4720b4752b0e7df4bdb2114b05c16f2ca0594eb6b8"
 score = 75
@@ -96631,8 +96768,8 @@ rule ELASTIC_Windows_Trojan_Icedid_11D24D35 : FILE MEMORY
 date = "2022-02-16"
 modified = "2022-04-06"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_IcedID.yar#L101-L121"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_IcedID.yar#L101-L121"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b8d794f6449669ff2d11bc635490d9efdd1f4e92fcb3be5cdb4b40e4470c0982"
 logic_hash = "4a5d0f37e3e80e370ae79fd45256dbd274ed8f8bcd021e8d6f95a0bc0bc5321f"
 score = 75
@@ -96661,8 +96798,8 @@ rule ELASTIC_Windows_Trojan_Icedid_0B62E783 : FILE MEMORY
 date = "2022-04-06"
 modified = "2022-06-09"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_IcedID.yar#L123-L142"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_IcedID.yar#L123-L142"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a"
 logic_hash = "aca126529dfa8047ed7dfdc60d970759ab5307448d7d764f88e402cd8d2a016f"
 score = 75
@@ -96690,8 +96827,8 @@ rule ELASTIC_Windows_Trojan_Icedid_91562D18 : FILE MEMORY
 date = "2022-04-06"
 modified = "2022-06-09"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_IcedID.yar#L144-L163"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_IcedID.yar#L144-L163"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a"
 logic_hash = "81c87d0d6726bc2dde42fe93c77af53cdd29bb6437fe3d47d1b4550140722c88"
 score = 75
@@ -96719,8 +96856,8 @@ rule ELASTIC_Windows_Trojan_Icedid_2086Aecb : FILE MEMORY
 date = "2022-04-06"
 modified = "2022-03-02"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_IcedID.yar#L165-L184"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_IcedID.yar#L165-L184"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a"
 logic_hash = "561bf7eacfbbf1b4e0c111347f0d6ff4325bdbce8db73bee1ba836b610569c0d"
 score = 75
@@ -96748,8 +96885,8 @@ rule ELASTIC_Windows_Trojan_Icedid_48029E37 : FILE MEMORY
 date = "2022-04-06"
 modified = "2022-06-09"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_IcedID.yar#L186-L205"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_IcedID.yar#L186-L205"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b9fb0a4c28613c556fb67a0b0e7c9d4c1236b60a161ad935e7387aec5911413a"
 logic_hash = "1fe337d7a0607938aaf57cf25c1373aadf315b7a8cec133d6d30a38bd58e1027"
 score = 75
@@ -96777,8 +96914,8 @@ rule ELASTIC_Windows_Trojan_Icedid_56459277 : FILE MEMORY
 date = "2022-08-21"
 modified = "2023-03-02"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_IcedID.yar#L207-L237"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_IcedID.yar#L207-L237"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "21b1a635db2723266af4b46539f67253171399830102167c607c6dbf83d6d41c"
 logic_hash = "a18557217c69a3bb8c3da7725d2e0ed849741f8e36341a4ea80eea09d47a5b45"
 score = 75
@@ -96817,8 +96954,8 @@ rule ELASTIC_Windows_Trojan_Icedid_7C1619E3 : FILE MEMORY
 date = "2022-12-20"
 modified = "2023-02-01"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_IcedID.yar#L239-L261"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_IcedID.yar#L239-L261"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4f6de748628b8b06eeef3a5fabfe486bfd7aaa92f50dc5a8a8c70ec038cd33b1"
 logic_hash = "24ddaf474dabc5e91cce08734a035feced9048a3faac4ff236bc97e6caabd642"
 score = 75
@@ -96849,8 +96986,8 @@ rule ELASTIC_Windows_Trojan_Icedid_D8B23Cd6 : FILE MEMORY
 date = "2023-01-03"
 modified = "2023-01-03"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_IcedID.yar#L263-L294"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_IcedID.yar#L263-L294"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "bd4da2f84c29437bc7efe9599a3a41f574105d449ac0d9b270faaca8795153ab"
 logic_hash = "47e427a4f088de523115f438cad9fc26233158b0518d87703c282df351110762"
 score = 75
@@ -96890,8 +97027,8 @@ rule ELASTIC_Windows_Trojan_Icedid_A2Ca5F80 : FILE MEMORY
 date = "2023-01-16"
 modified = "2023-04-23"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_IcedID.yar#L296-L323"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_IcedID.yar#L296-L323"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "e36266cd66b9542f2eb9d38f9a01f7b480f2bcdbe61fe20944dca33e22bd3281"
 score = 75
 quality = 75
@@ -96927,8 +97064,8 @@ rule ELASTIC_Windows_Trojan_Icedid_B8C59889 : FILE MEMORY
 date = "2023-05-05"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_IcedID.yar#L325-L349"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_IcedID.yar#L325-L349"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a63d08cd53053bfda17b8707ab3a94cf3d6021097335dc40d5d211fb9faed045"
 logic_hash = "08c6c604d1791c35a8494e5ec8a96e8c5dd2ca3d6c57971da20057ce8960fa1d"
 score = 75
@@ -96961,8 +97098,8 @@ rule ELASTIC_Windows_Trojan_Icedid_81Eff9A3 : FILE MEMORY
 date = "2023-05-05"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/thawing-the-permafrost-of-icedid-summary"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_IcedID.yar#L351-L371"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_IcedID.yar#L351-L371"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "96dacdf50d1db495c8395d7cf454aa3a824801cf366ac368fe496f89b5f98fe7"
 logic_hash = "923dd8166cce0ec32b3b8b20cad192b3c15b7ce7c17fd44ddda739ad205a6c06"
 score = 75
@@ -96991,8 +97128,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_Aaf312C3 : FILE MEMORY
 date = "2022-02-02"
 modified = "2023-09-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Multi_Ransomware_BlackCat.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Multi_Ransomware_BlackCat.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0c6f444c6940a3688ffc6f8b9d5774c032e3551ebbccb64e4280ae7fc1fac479"
 logic_hash = "0771ab5a795af164a568bda036cccf08afeb33458f2cd5a7240349fca9b60ead"
 score = 75
@@ -97021,8 +97158,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_00E525D7 : FILE MEMORY
 date = "2022-02-02"
 modified = "2022-08-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Multi_Ransomware_BlackCat.yar#L22-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Multi_Ransomware_BlackCat.yar#L22-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0c6f444c6940a3688ffc6f8b9d5774c032e3551ebbccb64e4280ae7fc1fac479"
 logic_hash = "e44625d0fa8308b9d4d63a9e6920b4da4a2ce124437f122b2c8fe5cf0ab85a6b"
 score = 75
@@ -97053,8 +97190,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_C4B043E6 : FILE MEMORY
 date = "2022-09-12"
 modified = "2022-09-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Multi_Ransomware_BlackCat.yar#L45-L63"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Multi_Ransomware_BlackCat.yar#L45-L63"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "45b8678f74d29c87e2d06410245ab6c2762b76190594cafc9543fb9db90f3d4f"
 logic_hash = "1262ca76581920f08a6482ead68023fdfff08a9ddd19e00230054e3167dc184c"
 score = 75
@@ -97082,8 +97219,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_70171625 : FILE MEMORY
 date = "2023-01-05"
 modified = "2023-09-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Multi_Ransomware_BlackCat.yar#L65-L91"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Multi_Ransomware_BlackCat.yar#L65-L91"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0c6f444c6940a3688ffc6f8b9d5774c032e3551ebbccb64e4280ae7fc1fac479"
 logic_hash = "fd07acd7c8627754f000c44827848bf65bcaa96f2dfb46e41542f3c9b40eee78"
 score = 75
@@ -97119,8 +97256,8 @@ rule ELASTIC_Multi_Ransomware_Blackcat_E066D802 : FILE MEMORY
 date = "2023-07-27"
 modified = "2023-09-20"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Multi_Ransomware_BlackCat.yar#L93-L113"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Multi_Ransomware_BlackCat.yar#L93-L113"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "00360830bf5886288f23784b8df82804bf6f22258e410740db481df8a7701525"
 logic_hash = "00fbb8013faf26c35b6cd8a72ebc246444c37c5ec7a0df2295830e96c01c8720"
 score = 75
@@ -97150,8 +97287,8 @@ rule ELASTIC_Macos_Backdoor_Fakeflashlxk_06Fd8071 : FILE MEMORY
 date = "2021-11-11"
 modified = "2022-07-22"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Backdoor_Fakeflashlxk.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Backdoor_Fakeflashlxk.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "107f844f19e638866d8249e6f735daf650168a48a322d39e39d5e36cfc1c8659"
 logic_hash = "853d44465a472786bb48bbe1009e0ff925f79e4fd72f0eac537dd271c1ec3703"
 score = 75
@@ -97181,8 +97318,8 @@ rule ELASTIC_Linux_Trojan_Merlin_Bbad69B8 : FILE MEMORY
 date = "2022-09-12"
 modified = "2022-10-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Merlin.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Merlin.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d9955487f7d08f705e41a5ff848fb6f02d6c88286a52ec837b7b555fb422d1b6"
 logic_hash = "e18079c9f018dc8d7f2fdf5c950b405f9f84ad2a5b18775dbef829fe1cb770c3"
 score = 75
@@ -97210,8 +97347,8 @@ rule ELASTIC_Linux_Trojan_Merlin_C6097296 : FILE MEMORY
 date = "2022-09-12"
 modified = "2022-10-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Merlin.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Merlin.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d9955487f7d08f705e41a5ff848fb6f02d6c88286a52ec837b7b555fb422d1b6"
 logic_hash = "f48ed7f19ab29633600fde4bfea274bf36e7f60d700c9806b334d38a51d28b92"
 score = 75
@@ -97239,8 +97376,8 @@ rule ELASTIC_Windows_Ransomware_Rook_Ee21Fa67 : FILE MEMORY
 date = "2022-01-14"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Rook.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Rook.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c2d46d256b8f9490c9599eea11ecef19fde7d4fdd2dea93604cee3cea8e172ac"
 logic_hash = "6fe19cfc572a3dceba5e26615d111a3c0fa1036e275a5640a5c5a8f8cdaf6dc1"
 score = 75
@@ -97268,8 +97405,8 @@ rule ELASTIC_Windows_Virus_Neshta_2A5A14C8 : FILE MEMORY
 date = "2024-01-22"
 modified = "2024-02-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Virus_Neshta.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Virus_Neshta.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f298214764ee9ab690cb4b376d8a7893edcd9c05a3c4e6f3a56010974a130bd7"
 logic_hash = "0b5d0603f4c20a2368f697dd84cfe1790a5d0e5904c76066601c9e3d1b5ed1e1"
 score = 75
@@ -97298,8 +97435,8 @@ rule ELASTIC_Linux_Exploit_Pulse_2Bea17E8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Pulse.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Pulse.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c29cb4c2d83127cf4731573a7fac531f90f27799857f5e250b9f71362108f559"
 logic_hash = "bc71efa6cc79171666d89fe3e755411ee8032f56ae5bd73e0de440eee5b718ab"
 score = 75
@@ -97327,8 +97464,8 @@ rule ELASTIC_Linux_Exploit_Pulse_246E6F31 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Pulse.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Pulse.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c29cb4c2d83127cf4731573a7fac531f90f27799857f5e250b9f71362108f559"
 logic_hash = "f6755f10863b78303899cefcd81f609884fbbf2dffabd9219686ed869f2cc7e3"
 score = 75
@@ -97356,8 +97493,8 @@ rule ELASTIC_Windows_Trojan_Squirrelwaffle_88033Ff1 : FILE MEMORY
 date = "2021-09-20"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Squirrelwaffle.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Squirrelwaffle.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "00d045c89934c776a70318a36655dcdd77e1fedae0d33c98e301723f323f234c"
 logic_hash = "695d7d411a4de23ba1517a06bda3ce73add37dca1e6fe9046e7c2dcae237389e"
 score = 75
@@ -97388,8 +97525,8 @@ rule ELASTIC_Windows_Trojan_Squirrelwaffle_D3B685A1 : FILE MEMORY
 date = "2021-09-21"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Squirrelwaffle.yar#L24-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Squirrelwaffle.yar#L24-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "00d045c89934c776a70318a36655dcdd77e1fedae0d33c98e301723f323f234c"
 logic_hash = "7d187aa75fc767f5009f3090852de4894776f4b3f99f189478e7e9fd9c3acbe7"
 score = 75
@@ -97417,8 +97554,8 @@ rule ELASTIC_Windows_Trojan_P8Loader_E478A831 : FILE MEMORY
 date = "2023-04-13"
 modified = "2023-05-26"
 reference = "https://www.elastic.co/security-labs/elastic-charms-spectralviper"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_P8Loader.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_P8Loader.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "f1a7de6bb4477ea82c18aea1ddc4481de2fc362ce5321f4205bb3b74c1c45a7e"
 score = 75
 quality = 75
@@ -97452,8 +97589,8 @@ rule ELASTIC_Linux_Trojan_Adlibrary_2E908E5F : FILE MEMORY
 date = "2022-08-23"
 modified = "2022-10-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Adlibrary.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Adlibrary.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "acb22b88ecfb31664dc07b2cb3490b78d949cd35a67f3fdcd65b1a4335f728f1"
 logic_hash = "0d0df636876adf0268b7a409bfc9d8bfad298793d11297596ef91aeba86889da"
 score = 75
@@ -97481,8 +97618,8 @@ rule ELASTIC_Windows_Trojan_Kronos_Cdd2E2C5 : FILE MEMORY
 date = "2021-02-07"
 modified = "2021-08-23"
 reference = "https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Kronos.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Kronos.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "baa9cedbbe0f5689be8f8028a6537c39e9ea8b0815ad76cb98f365ca5a41653f"
 logic_hash = "a8943c5ef166446629cb46517d35db39c97a1e3efa3a7a0b5cb3d3ee9d1e6e9c"
 score = 75
@@ -97517,8 +97654,8 @@ rule ELASTIC_Windows_Vulndriver_Marvinhw_37326842 : FILE
 date = "2022-07-21"
 modified = "2022-07-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_MarvinHW.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_MarvinHW.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6a4875ae86131a594019dec4abd46ac6ba47e57a88287b814d07d929858fe3e5"
 logic_hash = "f37290912ab7d997d718c074eef48a67a36444e9e97592b6be65855ade2ba246"
 score = 50
@@ -97549,8 +97686,8 @@ rule ELASTIC_Windows_Trojan_Ghostengine_8Ea2Aa65 : FILE MEMORY
 date = "2024-05-07"
 modified = "2024-05-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_GhostEngine.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_GhostEngine.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2fe78941d74d35f721556697491a438bf3573094d7ac091b42e4f59ecbd25753"
 logic_hash = "3bddd2ac79d92d34df5d2df4a11cf96cc44ca39c3baece1b5c67b75a682778ff"
 score = 75
@@ -97585,8 +97722,8 @@ rule ELASTIC_Windows_Trojan_Raccoon_Af6Decc6 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Raccoon.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Raccoon.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "fe09bef10b21f085e9ca411e24e0602392ab5044b7268eaa95fb88790f1a124d"
 logic_hash = "50ec446e8fd51129c7333c943dfe62db099fe1379530441f6b102fcbe3bc0dbd"
 score = 75
@@ -97615,8 +97752,8 @@ rule ELASTIC_Windows_Trojan_Raccoon_58091F64 : FILE MEMORY
 date = "2021-06-28"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Raccoon.yar#L22-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Raccoon.yar#L22-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "fe09bef10b21f085e9ca411e24e0602392ab5044b7268eaa95fb88790f1a124d"
 logic_hash = "8a7388e9c3dd0dd1a79215dbabcd964a0afa883490611afb6bb500635fbfff9a"
 score = 75
@@ -97644,8 +97781,8 @@ rule ELASTIC_Windows_Trojan_Raccoon_Deb6325C : FILE MEMORY date = "2022-06-28" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Raccoon.yar#L42-L63" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Raccoon.yar#L42-L63" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27" logic_hash = "94f70c60ed4fab021e013cf6a632321e0e1bdeef25a48a598d9e7388e7e445ca" score = 75 @@ -97676,8 +97813,8 @@ rule ELASTIC_Linux_Cryptominer_Bscope_348B7Fa0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Bscope.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Bscope.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "a6fb80d77986e00a6b861585bd4e573a927e970fb0061bf5516f83400ad7c0db" logic_hash = "bc6a59dcc36676273c61fa71231fd8709884beebb7ab64b58f22551393b20c71" score = 75 
@@ -97705,8 +97842,8 @@ rule ELASTIC_Linux_Trojan_Dnsamp_C31Eebd4 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Dnsamp.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Dnsamp.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "4b86de97819a49a90961d59f9c3ab9f8e57e19add9fe1237d2a2948b4ff22de6" logic_hash = "b998065eff9f67a1cdf19644a13edb0cef3c619d8b6e16c412d58f5d538e4617" score = 75 @@ -97734,8 +97871,8 @@ rule ELASTIC_Linux_Cryptominer_Attribute_3683D149 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Attribute.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Attribute.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "ec9e74d52d745275718fe272bfd755335739ad5f680f73f5a4e66df6eb141a63" logic_hash = "71aa8aa4171671af4aa0271b64da95ac1d8766de12a949c97ebcac9369224ecd" score = 75 
@@ -97763,8 +97900,8 @@ rule ELASTIC_Windows_Wiper_Caddywiper_484Bd98A : FILE MEMORY date = "2022-03-14" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Wiper_CaddyWiper.yar#L1-L22" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Wiper_CaddyWiper.yar#L1-L22" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "a294620543334a721a2ae8eaaf9680a0786f4b9a216d75b55cfd28f39e9430ea" logic_hash = "f473673afc211b02328f4e9d88e709acd95bf4b1fa565f5aca972b92324bf589" score = 75 @@ -97795,8 +97932,8 @@ rule ELASTIC_Windows_Hacktool_Sharpersist_06606812 : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_SharPersist.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_SharPersist.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "e9711f47cf9171f79bf34b342279f6fd9275c8ae65f3eb2c6ebb0b8432ea14f8" logic_hash = "ddabfb54422f6fb2ad6999b724b1d8f186adf71f96f01a8770715029529e869a" score = 75 
@@ -97828,8 +97965,8 @@ rule ELASTIC_Windows_PUP_Generic_198B73Aa : FILE MEMORY date = "2023-07-27" modified = "2023-09-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_PUP_Generic.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_PUP_Generic.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "a584c34b9dfc2d78bf8a1e594a2ed519d20088184ce1df09e679b2400aa396d3" score = 75 quality = 75 @@ -97858,8 +97995,8 @@ rule ELASTIC_Windows_Trojan_Quasarrat_E52Df647 : FILE MEMORY date = "2021-06-27" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Quasarrat.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Quasarrat.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "a58efd253a25cc764d63476931da2ddb305a0328253a810515f6735a6690de1d" logic_hash = "41f32e0c9b3b43d10baef10060e064ad860558bcdeb4281a30d30c16615ed21d" score = 75 
@@ -97891,8 +98028,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_C851687A : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L1-L37" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L1-L37" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "7fac6fb24ac18bd69dd9f8f4090c4a77d1cc6554b6ae5c846e32d7666e5a1971" score = 75 quality = 25 @@ -97938,8 +98075,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_0B58325E : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L39-L77" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L39-L77" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "3822431e946fcc38c700cc8ce213e95f33a155d7f38b6ab2a24cb998d42c8521" score = 75 quality = 73 
@@ -97987,8 +98124,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_2B8Cddf8 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L79-L114" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L79-L114" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "5502c06d33b93bae3bc25ba7dd6a5a9a3b0b2b43bb7e867e601ecb206bf503ed" score = 75 quality = 43 @@ -98033,8 +98170,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_59B44767 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L116-L142" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L116-L142" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "7027d0dcbdb1961d2604f29392a923957d298a047c268553599ea8c881f76a98" score = 75 quality = 69 
@@ -98070,8 +98207,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_7Efd3C3F : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L144-L168" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L144-L168" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "45a0aaba6c1be016fc5f4051680ee7e3aa62e8a5d9730b7adab08c14ae37da24" score = 75 quality = 75 @@ -98105,8 +98242,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_6E971281 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L170-L201" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L170-L201" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "f204965c0118dbdfe7e134d319c92b30d22585e888609ff31df90643116a2c38" score = 75 quality = 51 
@@ -98147,8 +98284,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_09B79Efa : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L203-L232" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L203-L232" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "75fd003b9adf03aff8479b1b10da9c94955870b5fa4f1958f870e14acb2793c7" score = 75 quality = 48 @@ -98187,8 +98324,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_6E77233E : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L234-L269" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L234-L269" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "93aa11523b794402b257d02d4f9edc5ad320bfdb5b8b0f671ff08f399ef9e674" score = 75 quality = 63 
@@ -98233,8 +98370,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_De42495A : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L271-L301" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L271-L301" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "2a13c73d221d80d25a432f9e0a1387153a78f58719066586e9d80d17613293ef" score = 75 quality = 75 @@ -98274,8 +98411,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_72F68375 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L303-L328" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L303-L328" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "912e37829a9f99e00326745343c9e4593cd7cfb8d4dfafc66027cddcb4d883be" score = 75 quality = 63 
@@ -98310,8 +98447,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_15F680Fb : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L330-L360" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L330-L360" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "0efe368ad82f5b0f6301121bfda9fd049b008ac246368bfa22bd976fa2c56b79" score = 75 quality = 75 @@ -98351,8 +98488,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_5B4383Ec : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L362-L392" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L362-L392" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "033bd831209958674f6309739d65c58d05acb9d17e53cede1cf171c6d6e84efa" score = 75 quality = 75 
@@ -98392,8 +98529,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_91E08059 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L394-L421" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L394-L421" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "d5a8c1a0baa5e915cff29bcac33e30a7d7260f938ecaa6171d3aa88425a69266" score = 75 quality = 75 @@ -98430,8 +98567,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_Ee756Db7 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L423-L491" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L423-L491" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "8d594aa1b889e80000cfcedbfc470a1b768bdcc2a9c436cd449b495c91011918" score = 75 quality = 50 
@@ -98509,8 +98646,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_9C0D5561 : FILE MEMORY date = "2021-03-23" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L493-L523" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L493-L523" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "a8929266950e0f540a68c4fedf708e8ddc27f208f9f2866245ad7bb7f6d87913" score = 75 quality = 75 @@ -98550,8 +98687,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_59Ed9124 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L525-L560" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L525-L560" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "a50fd291f5f1bf7ec41b1938a32473a23c3c082018b86eab87aff0d95b26ba06" score = 75 quality = 43 
@@ -98596,8 +98733,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_8A791Eb7 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L562-L597" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L562-L597" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "d1765e6cac9b1560d6484baa1fa5a1bc0b768a72b389c7c6a60e34115669933e" score = 75 quality = 43 @@ -98642,8 +98779,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_D00573A3 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L599-L625" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L599-L625" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "e458d41d28b76c989af6385f183f33aa9e11b93e529f032e95bd75433b80bd69" score = 75 quality = 75 
@@ -98679,8 +98816,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_7Bcd759C : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L627-L648" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L627-L648" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "bfbb8e8009182e87c49242ec3da6e98b23447b646f5c7ea5f97196ae929d7c5f" score = 75 quality = 75 @@ -98711,8 +98848,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_A56B820F : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L650-L685" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L650-L685" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "52de8110727c29b0f5c75cd470ce6b80ba7821d0ba78ad074536323e2e80b460" score = 75 quality = 43 
@@ -98757,8 +98894,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_92F05172 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L687-L716" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L687-L716" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "7f0ff4ee14a043d72810826ab9d2b90b0f66724550ba9d3cdd2abe749f4874d0" score = 75 quality = 63 @@ -98797,8 +98934,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_417239B5 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L718-L764" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L718-L764" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "fda252747359e677459d82d65c4c9c8f2ff80bc8fd6a38712f858039f3cb8dd1" score = 75 quality = 51 
@@ -98854,8 +98991,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_29374056 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L766-L785" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L766-L785" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "09755b23a7057c70f3ea242ec48549de65ebc6f13bdc38cbe22d6d758c3718cf" score = 75 quality = 75 @@ -98884,8 +99021,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_949F10E3 : FILE MEMORY date = "2021-03-25" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L787-L806" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L787-L806" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "e4b726c83013f4b9c9d61683f78a4a91935225e9ed3de0ce164b96b5a6719579" score = 75 quality = 75 
@@ -98914,8 +99051,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_8751Cdf9 : FILE MEMORY date = "2021-03-25" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L808-L827" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L808-L827" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "64fae95fd89ad46a50a00c943cf98a997a0842a83be64b3728b25151867b75a8" score = 75 quality = 75 @@ -98944,8 +99081,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_663Fc95D : FILE MEMORY date = "2021-04-01" modified = "2021-12-17" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L829-L847" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L829-L847" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "842a0a372cfb2316293f4a08e1690194fa98368a9f6ffe9c63222b2c4ab6532c" score = 75 quality = 75 
@@ -98973,8 +99110,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_B54B94Ac : FILE MEMORY date = "2021-10-21" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L849-L872" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L849-L872" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a" logic_hash = "6f63e4c31e55da2008f95e9d05391e40d44e2757c511e666032563ab798e274c" score = 75 @@ -99007,8 +99144,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_F0B627Fc : FILE MEMORY date = "2021-10-21" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L874-L897" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L874-L897" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b" logic_hash = "1087294af3a9ef59c00098f5fd7adfe0b335525e135d95e45ac30e44c6739a72" score = 75 
@@ -99041,8 +99178,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_Dcdcdd8C : FILE MEMORY
 date = "2021-10-21"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L899-L923"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L899-L923"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a"
 logic_hash = "f3ae07282b763d3720e45a84878cc457f65041f381951cdc9affd5e3ce67e6cc"
 score = 75
@@ -99076,8 +99213,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_A3Fb2616 : FILE MEMORY
 date = "2021-10-21"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L925-L947"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L925-L947"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a"
 logic_hash = "a3c36326ccc2bc828f6654ccaba507a283f92146fdc52f71d7d934f6908793e2"
 score = 75
@@ -99109,8 +99246,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_8Ee55Ee5 : FILE MEMORY
 date = "2021-10-21"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L949-L969"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L949-L969"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a"
 logic_hash = "d0cc321e15660311ae0b8e3261abe716a50a2455f82635c1b02d0a5444c8a89a"
 score = 75
@@ -99140,8 +99277,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_8D5963A2 : FILE MEMORY
 date = "2022-08-10"
 modified = "2022-09-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L971-L989"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L971-L989"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9fe43996a5c4e99aff6e2a1be743fedec35e96d1e6670579beb4f7e7ad591af9"
 logic_hash = "f4f8fba807256bd885ccf4946eec8c2fb76eb04f86ed76d015178fe512a3c091"
 score = 75
@@ -99169,8 +99306,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_1787Eef5 : FILE MEMORY
 date = "2022-08-29"
 modified = "2022-09-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L991-L1014"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L991-L1014"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a"
 logic_hash = "0b70c61e986dee3126fec6eea127e01fce4b647aff8e2d2d5072eb8328549225"
 score = 75
@@ -99203,8 +99340,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_4106070A : FILE MEMORY
 date = "2023-05-09"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L1016-L1035"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L1016-L1035"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "98789a11c06c1dfff7e02f66146afca597233c17e0d4900d6a683a150f16b3a4"
 logic_hash = "90f0209a55ca381ca58264664e04c007c799cf558f143d0c02983d4caf47bfb8"
 score = 75
@@ -99233,8 +99370,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_3Dc22D14 : FILE MEMORY
 date = "2023-05-09"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L1037-L1056"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L1037-L1056"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7898194ae0244611117ec948eb0b0a5acbc15cd1419b1ecc553404e63bc519f9"
 logic_hash = "2f52cd5f3b782c28e372c3daa9b7ddc4d2b9f68832f5250983412c2e7a755e73"
 score = 75
@@ -99263,8 +99400,8 @@ rule ELASTIC_Windows_Trojan_Cobaltstrike_7F8Da98A : FILE MEMORY
 date = "2023-05-09"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_CobaltStrike.yar#L1058-L1076"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_CobaltStrike.yar#L1058-L1076"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e3bc2bec4a55ad6cfdf49e5dbd4657fc704af1758ca1d6e31b83dcfb8bf0f89d"
 logic_hash = "6c8698d65cbbf893f79ca1de5273535891418c87c234a2542f5f8079e56d9507"
 score = 75
@@ -99292,8 +99429,8 @@ rule ELASTIC_Linux_Ransomware_Erebus_Ead4F55B : FILE MEMORY
 date = "2023-07-27"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_Erebus.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_Erebus.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6558330f07a7c90c40006346ed09e859b588d031193f8a9679fe11a85c8ccb37"
 logic_hash = "82e81577372298623ee3ed3583bb18b2c0cfff30abbacf2909e7efca35c83bd7"
 score = 75
@@ -99323,8 +99460,8 @@ rule ELASTIC_Windows_Trojan_Dridex_63Ddf193 : FILE MEMORY
 date = "2021-08-07"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Dridex.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Dridex.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b1d66350978808577159acc7dc7faaa273e82c103487a90bf0d040afa000cb0d"
 logic_hash = "e792f4693be0a7c71d1e638212a8fb3acb1e14dedd48218861fad8c09811da29"
 score = 75
@@ -99353,8 +99490,8 @@ rule ELASTIC_Windows_Trojan_Dridex_C6F01353 : FILE MEMORY
 date = "2021-08-07"
 modified = "2021-10-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Dridex.yar#L22-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Dridex.yar#L22-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "739682ccb54170e435730c54ba9f7e09f32a3473c07d2d18ae669235dcfe84de"
 logic_hash = "7146204d779610c04badfc7d884ff882ff5f1439b61f889d1edf4419240c5751"
 score = 75
@@ -99382,8 +99519,8 @@ rule ELASTIC_Linux_Trojan_Badbee_231Cb054 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Badbee.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Badbee.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "832ba859c3030e58b94398ff663ddfe27078946a83dcfc81a5ef88351d41f4e2"
 logic_hash = "a1ed8f2da9b4f891a5c65d943424bb7c465f0d07e7756e292c617ce5ef14d182"
 score = 75
@@ -99411,8 +99548,8 @@ rule ELASTIC_Windows_Vulndriver_Glckio_39C4Abd4 : FILE
 date = "2022-04-04"
 modified = "2022-08-30"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_GlckIo.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_GlckIo.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3a5ec83fe670e5e23aef3afa0a7241053f5b6be5e6ca01766d6b5f9177183c25"
 logic_hash = "fd43503c9427a386674c06bb790e110ac23c27d8fc4adedbaa8a9b7cb0cbafd4"
 score = 75
@@ -99440,8 +99577,8 @@ rule ELASTIC_Windows_Vulndriver_Glckio_68D5Afbb : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_GlckIo.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_GlckIo.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5ae23f1fcf3fb735fcf1fa27f27e610d9945d668a149c7b7b0c84ffd6409d99a"
 logic_hash = "0b5f0d408a5c4089ef496c5f8241a34d0468cc3d21e89e41dc105a0df0855d38"
 score = 75
@@ -99469,8 +99606,8 @@ rule ELASTIC_Windows_Ransomware_Cuba_E64A16B1 : FILE MEMORY
 date = "2021-08-04"
 modified = "2021-10-04"
 reference = "https://www.elastic.co/security-labs/cuba-ransomware-campaign-analysis"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Cuba.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Cuba.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "33352a38454cfc247bc7465bf177f5f97d7fd0bd220103d4422c8ec45b4d3d0e"
 logic_hash = "915425ad49f1b9ebde114f92155d5969ec707304403f46d891d014b399165a4d"
 score = 75
@@ -99499,8 +99636,8 @@ rule ELASTIC_Windows_Ransomware_Cuba_95A98E69 : FILE MEMORY
 date = "2021-08-04"
 modified = "2021-10-04"
 reference = "https://www.elastic.co/security-labs/cuba-ransomware-campaign-analysis"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Cuba.yar#L23-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Cuba.yar#L23-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "00f18713f860dc8394fb23a1a2b6280d1eb2f20a487c175433a7b495a1ba408d"
 logic_hash = "d17ef93943e826613be4c21ad1e41d1daa33db9da0fa6106bb8ba6334ebe1d08"
 score = 75
@@ -99530,8 +99667,8 @@ rule ELASTIC_Linux_Trojan_Godlua_Ed8E6228 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Godlua.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Godlua.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "848ef3b198737f080f19c5fa55dfbc31356427398074f9125c65cb532c52ce7a"
 score = 75
 quality = 75
@@ -99558,8 +99695,8 @@ rule ELASTIC_Windows_Trojan_Dragonbreath_B27Bc56B : FILE MEMORY
 date = "2024-06-05"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_DragonBreath.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_DragonBreath.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "45023fd0e694d66c284dfe17f78c624fd7e246a6c36860a0d892d232a30949be"
 logic_hash = "b86d5541a7e03a698ad918cdbba987474c6680353b4d2de2f8422ecd0ebcac61"
 score = 75
@@ -99589,8 +99726,8 @@ rule ELASTIC_Windows_Trojan_Matanbuchus_B521801B : FILE MEMORY
 date = "2022-03-17"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Matanbuchus.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Matanbuchus.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2"
 logic_hash = "609a0941b118d737124a5cd9c98c007e21557a239cfa3cf97cd3b4348c934f03"
 score = 75
@@ -99621,8 +99758,8 @@ rule ELASTIC_Windows_Trojan_Matanbuchus_4Ce9Affb : FILE MEMORY
 date = "2022-03-17"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Matanbuchus.yar#L24-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Matanbuchus.yar#L24-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2"
 logic_hash = "16441eb4617b6b3cb1e7d600959a5cbfe15c72c00361b45551b7ef4c81f78462"
 score = 75
@@ -99650,8 +99787,8 @@ rule ELASTIC_Windows_Trojan_Matanbuchus_58A61Aaa : FILE MEMORY
 date = "2022-03-17"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Matanbuchus.yar#L44-L62"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Matanbuchus.yar#L44-L62"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2"
 logic_hash = "7226e2f61bd6f1cca15c1f3f8d8697cb277d1e214f756295ffda5bc16304cc49"
 score = 75
@@ -99679,8 +99816,8 @@ rule ELASTIC_Windows_Trojan_Matanbuchus_C7811Ccc : FILE MEMORY
 date = "2022-03-17"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Matanbuchus.yar#L64-L82"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Matanbuchus.yar#L64-L82"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2"
 logic_hash = "e65dc05f6d9289a42c05afdc4da0ce1c18c1129dd87688a277ece925e83d7ef1"
 score = 75
@@ -99708,8 +99845,8 @@ rule ELASTIC_Linux_Trojan_Sdbot_98628Ea1 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Sdbot.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Sdbot.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5568ae1f8a1eb879eb4705db5b3820e36c5ecea41eb54a8eef5b742f477cbdd8"
 logic_hash = "55b8e3fa755965b85a043015f9303644b8e06fe8bfdc0e2062de75bdc2881541"
 score = 75
@@ -99737,8 +99874,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_E75472Fa : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Rekoobe.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Rekoobe.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8d2a9e363752839a09001a9e3044ab7919daffd9d9aee42d936bc97394164a88"
 logic_hash = "e3e9934ee8ce6933f676949c5b5c82ad044ac32f08fe86697b0a0cf7fb63fc5e"
 score = 75
@@ -99766,8 +99903,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_52462Fe8 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Rekoobe.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Rekoobe.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c1d8c64105caecbd90c6e19cf89301a4dc091c44ab108e780bdc8791a94caaad"
 logic_hash = "1ab6979392eeaa7bd6bd84f8d3531bd9071c54b58306a42dcfdd27bf7ec8f8cd"
 score = 75
@@ -99795,8 +99932,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_De9E7Bdf : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Rekoobe.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Rekoobe.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "447da7bee72c98c2202f1919561543e54ec1b9b67bd67e639b9fb6e42172d951"
 logic_hash = "bdc4a3e4eeffc0d32e6a86dda54beceab8301d0065731d9ade390392ab4c6126"
 score = 75
@@ -99824,8 +99961,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_B41F70C2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Rekoobe.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Rekoobe.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "19c1a54279be1710724fc75a112741575936fe70379d166effc557420da714cd"
 logic_hash = "02de55c537da1cc03af26a171c768ad87984e45983c3739f90ad9983c70e7ccf"
 score = 75
@@ -99853,8 +99990,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_1D307D7C : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Rekoobe.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Rekoobe.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "00bc669f79b2903c5d9e6412050655486111647c646698f9a789e481a7c98662"
 logic_hash = "de4807353d2ba977459a1bf7f51fd815e311c0bdc5fccd5e99fd44a766f6866f"
 score = 75
@@ -99882,8 +100019,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_7F7Aba78 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Rekoobe.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Rekoobe.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "50b73742726b0b7e00856e288e758412c74371ea2f0eaf75b957d73dfb396fd7"
 logic_hash = "a3b46d29fa51dd6a911cb9cb0e67e9d57d3f3b6697dc8edcc4d82f09d9819a92"
 score = 75
@@ -99911,8 +100048,8 @@ rule ELASTIC_Linux_Trojan_Rekoobe_Ab8Ba790 : FILE MEMORY
 date = "2022-09-12"
 modified = "2022-10-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Rekoobe.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Rekoobe.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2aee0c74d9642ffab1f313179c26400acf60d7cbd2188bade28534d403f468d4"
 logic_hash = "2a7a71712ad3f756a2dc53ec80bd9fb625f7c679fd9566945ebfeb392b9874a9"
 score = 75
@@ -99940,8 +100077,8 @@ rule ELASTIC_Windows_Trojan_Phoreal_66E91De3 : FILE MEMORY
 date = "2022-02-16"
 modified = "2022-04-12"
 reference = "https://www.elastic.co/security-labs/phoreal-malware-targets-the-southeast-asian-financial-sector"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Phoreal.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Phoreal.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "88f073552b30462a00d1d612b1638b0508e4ef02c15cf46203998091f0aef4de"
 logic_hash = "c68131fd5e0272d3d473db387a186056a38e6611925ae448d5b668022e6e163a"
 score = 75
@@ -99972,8 +100109,8 @@ rule ELASTIC_Windows_Trojan_Blister_Cb99A1Df : FILE MEMORY
 date = "2021-12-21"
 modified = "2022-01-13"
 reference = "https://www.elastic.co/security-labs/elastic-security-uncovers-blister-malware-campaign"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Blister.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Blister.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0a7778cf6f9a1bd894e89f282f2e40f9d6c9cd4b72be97328e681fe32a1b1a00"
 logic_hash = "deb1be5300d8af12dda868dd5f4ccdbb3ec653bd97c33a09e567c13ecafb9e8a"
 score = 75
@@ -100003,8 +100140,8 @@ rule ELASTIC_Windows_Trojan_Blister_9D757838 : FILE MEMORY
 date = "2022-04-26"
 modified = "2022-06-09"
 reference = "https://www.elastic.co/security-labs/elastic-security-uncovers-blister-malware-campaign"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Blister.yar#L24-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Blister.yar#L24-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "863de84a39c9f741d8103db83b076695d0d10a7384e4e3ba319c05a6018d9737"
 logic_hash = "4d9ce1622d77b2ac8b20b2dfb60ac672752dabab315221a5449ebd3c73a3edca"
 score = 75
@@ -100033,8 +100170,8 @@ rule ELASTIC_Windows_Trojan_Blister_68B53E1B : FILE MEMORY
 date = "2023-08-02"
 modified = "2023-08-08"
 reference = "https://www.elastic.co/security-labs/elastic-security-uncovers-blister-malware-campaign"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Blister.yar#L46-L66"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Blister.yar#L46-L66"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5fc79a4499bafa3a881778ef51ce29ef015ee58a587e3614702e69da304395db"
 logic_hash = "6d935461406a6b9b39867d52aa5ecb088945ae0f8c56895a67e8565e5a2a3699"
 score = 75
@@ -100063,8 +100200,8 @@ rule ELASTIC_Windows_Trojan_Blister_487B0966 : FILE MEMORY
 date = "2023-09-11"
 modified = "2023-09-20"
 reference = "https://www.elastic.co/security-labs/elastic-security-uncovers-blister-malware-campaign"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Blister.yar#L68-L89"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Blister.yar#L68-L89"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5fc79a4499bafa3a881778ef51ce29ef015ee58a587e3614702e69da304395db"
 logic_hash = "521409d03335205507cc6894e0de3ca627eb966a95a2f8e7b931e552ad78bbb7"
 score = 75
@@ -100094,8 +100231,8 @@ rule ELASTIC_Linux_Exploit_CVE_2017_16995_0C81A317 : FILE MEMORY CVE_2017_16995
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "48d927b4b18a03dfbce54bb5f4518869773737e449301ba2477eb797afbb9972"
 logic_hash = "cdd6b309a1e802f1251d726b0ea74e3d11fdd10d1d0bfa4c6f3d802f819368ec"
 score = 75
@@ -100123,8 +100260,8 @@ rule ELASTIC_Linux_Exploit_CVE_2017_16995_82816Caa : FILE MEMORY CVE_2017_16995
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "14e6b788db0db57067d9885ab5ff3d3a5749639549d82abd98fa4fcf27000f34"
 logic_hash = "3ae00290073d41ff5dba2f677510bf9a9c0ebaed221901eb8b1a8dda08157a46"
 score = 75
@@ -100152,8 +100289,8 @@ rule ELASTIC_Linux_Exploit_CVE_2017_16995_5Edb0181 : FILE MEMORY CVE_2017_16995
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2017_16995.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e4df84e1dffbad217d07222314a7e13fd74771a9111d07adc467a89d8ba81127"
 logic_hash = "f6eb19329db765938b48021039baaf1b5aeb3240c405ba20ed81863a0fb4b583"
 score = 75
@@ -100181,8 +100318,8 @@ rule ELASTIC_Windows_Hacktool_Darkloadlibrary_C25Ee4Eb : FILE MEMORY
 date = "2022-12-02"
 modified = "2023-01-11"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_DarkLoadLibrary.yar#L1-L29"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_DarkLoadLibrary.yar#L1-L29"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5546194a71bc449789c3697f9c106860ac0a21e1ccf2b1196120b3f92f4b5306"
 logic_hash = "c585abbe72834e9ba2e5f1c8070a43b0f10c2b574c72ffe1def4bfd431096415"
 score = 75
@@ -100220,8 +100357,8 @@ rule ELASTIC_Linux_Ransomware_Esxiargs_75A8Ec04 : FILE MEMORY
 date = "2023-02-09"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_Esxiargs.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_Esxiargs.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "11b1b2375d9d840912cfd1f0d0d04d93ed0cddb0ae4ddb550a5b62cd044d6b66"
 logic_hash = "7316cab75c1bcf41ae6c96afa41ef96c37ab1bb679f36a0cc1dd08002a357165"
 score = 75
@@ -100253,8 +100390,8 @@ rule ELASTIC_Windows_Wiper_Isaacwiper_239Cd2Dc : FILE MEMORY
 date = "2022-03-04"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Wiper_IsaacWiper.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Wiper_IsaacWiper.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "13037b749aa4b1eda538fda26d6ac41c8f7b1d02d83f47b0d187dd645154e033"
 logic_hash = "102ffe215b1e1c39e1225cb39dfeb10a20a08c5b10f836490fc1501c6eb9e930"
 score = 75
@@ -100287,8 +100424,8 @@ rule ELASTIC_Linux_Trojan_Chinaz_A2140Ca1 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Chinaz.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Chinaz.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7c44c2ca77ef7a62446f6266a757817a6c9af5e010a219a43a1905e2bc5725b0"
 logic_hash = "c9c63114e45b45b1c243af1f719cddc838a06a1f35d65dca6a2fb5574047eff0"
 score = 60
@@ -100316,8 +100453,8 @@ rule ELASTIC_Linux_Trojan_Dinodasrat_1D371D10 : FILE MEMORY
 date = "2024-04-02"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_DinodasRAT.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_DinodasRAT.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "bf830191215e0c8db207ea320d8e795990cf6b3e6698932e6e0c9c0588fc9eff"
 logic_hash = "933e78882be1d8dd9553ba90f038963d1b6f8f643888258541b7668aa3434808"
 score = 75
@@ -100350,8 +100487,8 @@ rule ELASTIC_Windows_Hacktool_Executeassembly_F41F4Df6 : FILE MEMORY
 date = "2023-03-28"
 modified = "2023-04-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_ExecuteAssembly.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_ExecuteAssembly.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a468ba2ba77aafa2a572c8947d414e74604a7c1c6e68a0b87fbfce4f8854dd61"
 logic_hash = "ab72dec636a96338e16fd57f2db4bb52e38fe61315b42c2ffe9c4566fc0326d3"
 score = 75
@@ -100380,8 +100517,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_28B13E67 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Bundlore.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Bundlore.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0b50a38749ea8faf571169ebcfce3dfd668eaefeb9a91d25a96e6b3881e4a3e8"
 logic_hash = "586ae19e570c51805afd3727b2e570cdb1c48344aa699e54774a708f02bc3a6f"
 score = 75
@@ -100409,8 +100546,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_75C8Cb4E : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Bundlore.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Bundlore.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3d69912e19758958e1ebdef5e12c70c705d7911c3b9df03348c5d02dd06ebe4e"
 logic_hash = "527fecb8460c0325c009beddd6992e0abbf8c5a05843e4cedf3b17deb4b19a1c"
 score = 75
@@ -100438,8 +100575,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_17B564B4 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Bundlore.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Bundlore.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "94f6e5ee6eb3a191faaf332ea948301bbb919f4ec6725b258e4f8e07b6a7881d"
 logic_hash = "40cd2a793c8ed51a8191ecb9b358f50dc2035d997d0f773f6049f9c272291607"
 score = 75
@@ -100467,8 +100604,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_C90C088A : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Bundlore.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Bundlore.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "875513f4ebeb63b9e4d82fb5bff2b2dc75b69c0bfa5dd8d2895f22eaa783f372"
 logic_hash = "c82c5c8d1e38e0d2631c5611e384eb49b58c64daeafe0cc642682e5c64686b60"
 score = 75
@@ -100496,8 +100633,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_3965578D : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Bundlore.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Bundlore.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d72543505e36db40e0ccbf14f4ce3853b1022a8aeadd96d173d84e068b4f68fa"
 logic_hash = "6bd24640e0a3aa152fcd90b6975ee4fb7e99ab5f2d48d3a861bc804c526c90b6"
 score = 75
@@ -100525,8 +100662,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_00D9D0E9 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Bundlore.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Bundlore.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "73069b34e513ff1b742b03fed427dc947c22681f30cf46288a08ca545fc7d7dd"
 logic_hash = "535831872408caa27984190d1b1b1a5954e502265925d50457e934219598dbfd"
 score = 75
@@ -100554,8 +100691,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_650B8Ff4 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Bundlore.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Bundlore.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "78fd2c4afd7e810d93d91811888172c4788a0a2af0b88008573ce8b6b819ae5a"
 logic_hash = "e8a706db010e9c3d9714d5e7a376e9b2189af382a7b01db9a9e7ee947e9637bb"
 score = 75
@@ -100583,8 +100720,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_C8Ad7Edd : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Bundlore.yar#L141-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Bundlore.yar#L141-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d4915473e1096a82afdaee405189a0d0ae961bd11a9e5e9adc420dd64cb48c24"
 logic_hash = "be09b4bd612bb499044fe91ca4e1ab62405cf1e4d75b8e1da90e326d1c66e04f"
 score = 75
@@ -100612,8 +100749,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_Cb7344Eb : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Bundlore.yar#L161-L179"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Bundlore.yar#L161-L179"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "53373668d8c5dc17f58768bf59fb5ab6d261a62d0950037f0605f289102e3e56"
 logic_hash = "6b5e868dfd14e9b1cdf3caeb1216764361b28c1dd38849526baf5dbdb1020d8d"
 score = 75
@@ -100641,8 +100778,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_753E5738 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Bundlore.yar#L181-L199"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Bundlore.yar#L181-L199"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "42aeea232b28724d1fa6e30b1aeb8f8b8c22e1bc8afd1bbb4f90e445e31bdfe9"
 logic_hash = "7a6907b51c793e4182c1606eab6f2bcb71f0350a34aef93fa3f3a9f1a49961ba"
 score = 75
@@ -100670,8 +100807,8 @@ rule ELASTIC_Macos_Trojan_Bundlore_7B9F0C28 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Bundlore.yar#L201-L219"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Bundlore.yar#L201-L219"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "fc4da125fed359d3e1740dafaa06f4db1ffc91dbf22fd5e7993acf8597c4c283"
 logic_hash = "32abbb76c866e3a555ee6a9c39f62a0712f641959b66068abfb4379baa9a9da9"
 score = 75
@@ -100699,8 +100836,8 @@ rule ELASTIC_Linux_Ransomware_Lockbit_D248E80E : FILE MEMORY
 date = "2023-07-27"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_Lockbit.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_Lockbit.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4800a67ceff340d2ab4f79406a01f58e5a97d589b29b35394b2a82a299b19745"
 logic_hash = "5d33d243cd7f9d9189139eb34a4dd8d81882be200223d5c8e60dfd07ca98f94b"
 score = 75
@@ -100733,8 +100870,8 @@ rule ELASTIC_Linux_Ransomware_Lockbit_5B30A04B : FILE MEMORY
 date = "2023-07-29"
 modified = "2024-02-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_Lockbit.yar#L26-L46"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_Lockbit.yar#L26-L46"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "41cbb7d79388eaa4d6e704bd4a8bf8f34d486d27277001c343ea3ce112f4fb0d"
 logic_hash = "b89d0f25f08ffa35e075def6a29cf52a80500c6499732146426a71c741059a3b"
 score = 75
@@ -100764,8 +100901,8 @@ rule ELASTIC_Windows_Trojan_Servhelper_F4Dee200 : FILE MEMORY
 date = "2022-03-22"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_ServHelper.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_ServHelper.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "05d183430a7afe16a3857fc4e87568fcc18518e108823c37eabf0514660aa17c"
 logic_hash = "abab541ebddf36c05e351d506d4f978a30d8a44ff09233a667d62a1692dabe15"
 score = 75
@@ -100794,8 +100931,8 @@ rule ELASTIC_Windows_Trojan_Servhelper_370C5287 : FILE MEMORY
 date = "2022-03-24"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_ServHelper.yar#L22-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_ServHelper.yar#L22-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "05d183430a7afe16a3857fc4e87568fcc18518e108823c37eabf0514660aa17c"
 logic_hash = "8a2934c28efef6a5fed26dc88d074aee15b0869370c66f6a4d6eaedf070eaa9e"
 score = 75
@@ -100823,8 +100960,8 @@ rule ELASTIC_Linux_Hacktool_Tcpscan_334D0Ca5 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Tcpscan.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Tcpscan.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "62de04185c2e3c22af349479a68ad53c31b3874794e7c4f0f33e8d125c37f6b0"
 logic_hash = "94ee723c660294e35caec5a2b66eeea64896265cfebc839ed3f55cf8f8c67d7e"
 score = 75
@@ -100852,8 +100989,8 @@ rule ELASTIC_Linux_Trojan_Rbot_C69475E3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Rbot.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Rbot.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9d97c69b65d2900c39ca012fe0486e6a6abceebb890cbb6d2e091bb90f6b9690"
 logic_hash = "2a8629ebf6e2082ce90f1b2130ae596e4e515f3289a25899f2fc57b99c01a654"
 score = 75
@@ -100881,8 +101018,8 @@ rule ELASTIC_Linux_Trojan_Rbot_96625C8C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Rbot.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Rbot.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a052cfad3034d851c6fad62cc8f9c65bceedc73f3e6a37c9befe52720fd0890e"
 logic_hash = "5a9671e10e7b9b58ecf9fab231de18b4b6039c9d351b145fae1705297acda95e"
 score = 75
@@ -100910,8 +101047,8 @@ rule ELASTIC_Linux_Trojan_Rbot_366F1599 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Rbot.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Rbot.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "5553d154a0e02e7f97415299eeae78e5bb0ecfbf5454e3933d6fd9675d78b3eb"
 logic_hash = "3efe0f35efd855b415149513e8abb2210a26ef6f3b6c31275c8147fabb634fab"
 score = 75
@@ -100939,8 +101076,8 @@ rule ELASTIC_Windows_Ransomware_Phobos_A5420148 : BETA FILE MEMORY
 date = "2020-06-25"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Phobos.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Phobos.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "9fcfe41102bee4f8ecf19f30d0bbb2de50e1a1aff4e17c587b5d9adb417527c5"
 score = 75
 quality = 75
@@ -100970,8 +101107,8 @@ rule ELASTIC_Windows_Ransomware_Phobos_Ff55774D : BETA FILE MEMORY
 date = "2020-06-25"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Phobos.yar#L24-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Phobos.yar#L24-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "9ee41b9638a8cc1d9f9b254878c935c531b2f599be59550b3617b1de8cba2ba5"
 score = 75
 quality = 75
@@ -100999,8 +101136,8 @@ rule ELASTIC_Windows_Ransomware_Phobos_11Ea7Be5 : BETA FILE MEMORY
 date = "2020-06-25"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.phobos"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Phobos.yar#L45-L64"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Phobos.yar#L45-L64"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "1f86695f316200c92d0d02f5f3ba9f68854978f98db5d4291a81c06c9f0b8d28"
 score = 75
 quality = 75
@@ -101028,8 +101165,8 @@ rule ELASTIC_Windows_Trojan_Sourshark_F0247Cce : FILE MEMORY
 date = "2024-06-04"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_SourShark.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_SourShark.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "07eb88c69437ee6e3ea2fbab5f2fbd8e846125d18c1da7d72bb462e9d083c9fc"
 logic_hash = "0c5d802b5bfc771bdf5df541b18c7ab9de4f420fd3928bfd85b1a71cca2af1bc"
 score = 75
@@ -101059,8 +101196,8 @@ rule ELASTIC_Windows_Trojan_Sourshark_Adee8A17 : FILE MEMORY
 date = "2024-06-04"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_SourShark.yar#L23-L41"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_SourShark.yar#L23-L41"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "07eb88c69437ee6e3ea2fbab5f2fbd8e846125d18c1da7d72bb462e9d083c9fc"
 logic_hash = "98a4d31849a1828c2154b5032a81580f5dcc8d4a65b96dea3a727e2a82a51666"
 score = 75
@@ -101088,8 +101225,8 @@ rule ELASTIC_Linux_Hacktool_Exploitscan_4327F817 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Exploitscan.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Exploitscan.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "66c6d0e58916d863a1a973b4f5cb7d691fbd01d26b408dbc8c74f0f1e4088dfb"
 logic_hash = "7797d9bd75dff355e1ee84b856e77cf9e886dfe727fb8ce7a6fdbe5ed1eb0985"
 score = 75
@@ -101117,8 +101254,8 @@ rule ELASTIC_Windows_Trojan_Backoff_22798F00 : FILE MEMORY
 date = "2022-08-10"
 modified = "2022-09-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Backoff.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Backoff.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "65b5aff18a4e0bc29d7cc4cfbe2d5882f99a855727fe467b2ba2e2851c43d21b"
 score = 75
 quality = 75
@@ -101150,8 +101287,8 @@ rule ELASTIC_Macos_Trojan_Amcleaner_445Bb666 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Amcleaner.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Amcleaner.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c85bf71310882bc0c0cf9b74c9931fd19edad97600bc86ca51cf94ed85a78052"
 logic_hash = "664829ff761186ec8f3055531b5490b7516756b0aa9d0183d4c17240a5ca44c4"
 score = 75
@@ -101179,8 +101316,8 @@ rule ELASTIC_Macos_Trojan_Amcleaner_A91D3907 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Amcleaner.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Amcleaner.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "dc9c700f3f6a03ecb6e3f2801d4269599c32abce7bc5e6a1b7e6a64b0e025f58"
 logic_hash = "e61ceea117acf444a6b137b93d7c335c6eb8a7e13a567177ec4ea44bf64fd5c6"
 score = 75
@@ -101208,8 +101345,8 @@ rule ELASTIC_Macos_Trojan_Amcleaner_8Ce3Fea8 : FILE MEMORY
 date = "2021-10-05"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Amcleaner.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Amcleaner.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c85bf71310882bc0c0cf9b74c9931fd19edad97600bc86ca51cf94ed85a78052"
 logic_hash = "08c4b5b4afefbf1ee207525f9b28bc7eed7b55cb07f8576fddfa0bbe95002769"
 score = 75
@@ -101237,8 +101374,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_25D3C5Ba : BETA FILE MEMORY
 date = "2020-04-30"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Ryuk.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Ryuk.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "4d461ff9b87e3a17637cef89ff8a85ef22f69695d4664f6fe8f271a6a5f7b4bc"
 score = 75
 quality = 75
@@ -101266,8 +101403,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_878Bae7E : BETA FILE MEMORY
 date = "2020-04-30"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Ryuk.yar#L22-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Ryuk.yar#L22-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "94bed2220aeb41ae8069cee56cc5299b9fc56797d3b54085b8246a03d9e8bd93"
 score = 75
 quality = 75
@@ -101296,8 +101433,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_6C726744 : BETA FILE MEMORY
 date = "2020-04-30"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Ryuk.yar#L44-L67"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Ryuk.yar#L44-L67"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "ee7586d5cbef23d1863a4dfcc5da9b97397c993268881922c681022bf4f293f0"
 score = 75
 quality = 75
@@ -101329,8 +101466,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_1A4Ad952 : BETA FILE MEMORY
 date = "2020-04-30"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Ryuk.yar#L69-L88"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Ryuk.yar#L69-L88"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "bb854f5760f41e2c103c99d8f128a2546926a614dff8753eaa1287ac583e213a"
 score = 75
 quality = 75
@@ -101358,8 +101495,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_72B5Fd9D : BETA FILE MEMORY
 date = "2020-04-30"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Ryuk.yar#L90-L109"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Ryuk.yar#L90-L109"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "b2abc8f70df5d730ce6a7d0bc125bb623f27b292e7d575914368a8bfc0fb5837"
 score = 75
 quality = 75
@@ -101387,8 +101524,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_8Ba51798 : BETA FILE MEMORY
 date = "2020-04-30"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Ryuk.yar#L111-L137"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Ryuk.yar#L111-L137"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "0733ae6a7e38bc2a25aa76a816284482d3ee25626559ec5af554b5f5070e534a"
 score = 75
 quality = 75
@@ -101423,8 +101560,8 @@ rule ELASTIC_Windows_Ransomware_Ryuk_88Daaf8E : BETA FILE MEMORY
 date = "2020-04-30"
 modified = "2021-08-23"
 reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.ryuk"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Ryuk.yar#L139-L158"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Ryuk.yar#L139-L158"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "6fc463976c0fb9c3e4f25d854545d07800c63730826f3974298f0077d272cff0"
 score = 75
 quality = 75
@@ -101452,8 +101589,8 @@ rule ELASTIC_Linux_Cryptominer_Casdet_5D0D33Be : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Casdet.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Casdet.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4b09115c876a8b610e1941c768100e03c963c76b250fdd5b12a74253ef9e5fb6"
 logic_hash = "e3264f614e257d853070907866b838d1cb53c1f60f7a0123ec503f1d540a15d7"
 score = 75
@@ -101481,8 +101618,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_D3Ac2B2F : FILE MEMORY
 date = "2021-03-22"
 modified = "2022-06-20"
 reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_AgentTesla.yar#L1-L58"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_AgentTesla.yar#L1-L58"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "65463161760af7ab85f5c475a0f7b1581234a1e714a2c5a555783bdd203f85f4"
 logic_hash = "9c13a99107593d476de1522ced10aa43d34535b844e8c3ae871b22358137c926"
 score = 75
@@ -101548,8 +101685,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_E577E17E : FILE MEMORY
 date = "2022-03-11"
 modified = "2022-04-12"
 reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_AgentTesla.yar#L60-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_AgentTesla.yar#L60-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ed43ddb536e6c3f8513213cd6eb2e890b73e26d5543c0ba1deb2690b5c0385b6"
 logic_hash = "84c5f1096735cee0f0f4ad41a81286c0a60dc17c276f23568b855271d996c8a2"
 score = 75
@@ -101577,8 +101714,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_F2A90D14 : FILE MEMORY
 date = "2022-03-11"
 modified = "2022-04-12"
 reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_AgentTesla.yar#L81-L100"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_AgentTesla.yar#L81-L100"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ed43ddb536e6c3f8513213cd6eb2e890b73e26d5543c0ba1deb2690b5c0385b6"
 logic_hash = "3f39b773f2b1524b05d3c1d9aa1fb54594ec9003d2e9da342b6d17ba885f5a03"
 score = 75
@@ -101606,8 +101743,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_A2D69E48 : FILE MEMORY
 date = "2023-05-01"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_AgentTesla.yar#L102-L122"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_AgentTesla.yar#L102-L122"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "edef51e59d10993155104d90fcd80175daa5ade63fec260e3272f17b237a6f44"
 logic_hash = "1f90be86b7afa7f518a3dcec55028bfc915cf6d4fed1350a56e351946cc55f41"
 score = 75
@@ -101636,8 +101773,8 @@ rule ELASTIC_Windows_Trojan_Agenttesla_Ebf431A8 : FILE MEMORY
 date = "2023-12-01"
 modified = "2024-01-12"
 reference = "https://www.elastic.co/security-labs/attack-chain-leads-to-xworm-and-agenttesla"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_AgentTesla.yar#L124-L148"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_AgentTesla.yar#L124-L148"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0cb3051a80a0515ce715b71fdf64abebfb8c71b9814903cb9abcf16c0403f62b"
 logic_hash = "b02d6e2d68b336aaa37336e0c0c3ffa6c7a126bfcdb6cb6ad5a3432004c6030c"
 score = 75
@@ -101670,8 +101807,8 @@ rule ELASTIC_Linux_Ransomware_Gonnacry_53C3832D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_Gonnacry.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_Gonnacry.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f5de75a6db591fe6bb6b656aa1dcfc8f7fe0686869c34192bfa4ec092554a4ac"
 logic_hash = "2b7453c4eb71b71e6a241f728b077a2ee63d988d55a64fedf61c34222799e262"
 score = 75
@@ -101699,8 +101836,8 @@ rule ELASTIC_Linux_Trojan_Azeela_Aad9D6Cc : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Azeela.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Azeela.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6c476a7457ae07eca3d3d19eda6bb6b6b3fa61fa72722958b5a77caff899aaa6"
 logic_hash = "efc8b5de42a2ee2104dc8e8c25b313f6ced2fb291ba27dc8276822960dd7eb74"
 score = 75
@@ -101728,8 +101865,8 @@ rule ELASTIC_Windows_Vulndriver_Llaccess_C57534E8 : FILE
 date = "2022-04-04"
 modified = "2022-04-04"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_LLAccess.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_LLAccess.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "000547560fea0dd4b477eb28bf781ea67bf83c748945ce8923f90fdd14eb7a4b"
 logic_hash = "8bf629fd2ce0b1f15c7aacd573659b649dcf968556232683b29d68b27d12e577"
 score = 75
@@ -101759,8 +101896,8 @@ rule ELASTIC_Windows_Trojan_Dbatloader_F93A8E90 : FILE MEMORY
 date = "2022-03-11"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_DBatLoader.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_DBatLoader.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f72d7e445702bbf6b762ebb19d521452b9c76953d93b4d691e0e3e508790256e"
 logic_hash = "6fe91d91bb383c66a6dc623b02817411a39b88030142517f4048c5c25fbb4ac5"
 score = 75
@@ -101779,6 +101916,44 @@ rule ELASTIC_Windows_Trojan_Dbatloader_F93A8E90 : FILE MEMORY
 condition:
 all of them
 }
+rule ELASTIC_Windows_Hacktool_Godpotato_5F1Aad81 : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Hacktool Godpotato (Windows.Hacktool.GodPotato)"
+ author = "Elastic Security"
+ id = "5f1aad81-88d8-4561-a6f9-d7521b9ffdf5"
+ date = "2024-06-24"
+ modified = "2024-07-02"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_GodPotato.yar#L1-L28"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
+ hash = "00171bb6e9e4a9b8601e988a8c4ac6f5413e31e1b6d86d24b0b53520cd02184c"
+ logic_hash = "3028c84a616d47b37b4ef2d41d35ccef5121c06aa042096bca8ea53b528a1eb9"
+ score = 75
+ quality = 25
+ tags = "FILE, MEMORY"
+ fingerprint = "3645a259f9b5d07bd5ad2ec823fd704eccd0412dd75c47bc82124db9a907da2a"
+ severity = 100
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = "GodPotato" wide fullword
+ $a2 = "GodPotatoContext was not initialized" wide fullword
+ $a3 = "GodPotatoStorageTrigger" ascii fullword
+ $a4 = "[*] DCOM obj GUID: {0}" wide fullword
+ $a5 = "[*] DispatchTable: 0x{0:x}" wide fullword
+ $a6 = "[*] UseProtseqFunction: 0x{0:x}" wide fullword
+ $a7 = "[*] process start with pid {0}" wide fullword
+ $a8 = "[!] ImpersonateNamedPipeClient fail error:{0}" wide fullword
+ $a9 = "[*] CoGetInstanceFromIStorage: 0x{0:x}" wide fullword
+ $a10 = "[*] Trigger RPCS" wide
+
+ condition:
+ 5 of them
+}
 rule ELASTIC_Windows_Vulndriver_ATSZIO_E22Cc429 : FILE
 {
 meta:
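Review bot: The rule added in this hunk, ELASTIC_Windows_Hacktool_Godpotato_5F1Aad81, is imported with `quality = 25` while every neighbouring Elastic rule in this chunk reports `quality = 75`, yet it carries the same `score = 75` and a `severity = 100`. Downstream consumers that key alerting or blocking on score/severity alone will therefore treat its matches like the high-quality rules, even though the bundle itself flags it as lower confidence. Since the file is generated from upstream, the fix belongs in the importer or the consumer rather than in this hunk: either document that `quality` is not part of the import threshold and must be read by consumers, or apply a local down-weighting for rules whose quality falls below the sibling baseline. The enclosing ELASTIC_Windows_Trojan_Dbatloader_F93A8E90 rule and the following ATSZIO rule both extend outside this hunk.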
@@ -101788,8 +101963,8 @@ rule ELASTIC_Windows_Vulndriver_ATSZIO_E22Cc429 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_ATSZIO.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_ATSZIO.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "01e024cb14b34b6d525c642a710bfa14497ea20fd287c39ba404b10a8b143ece"
 logic_hash = "e3f057d5a5c47a1f3b4d50e2ad0ebb3a4ffe0efe513a0d375f827fadb3328d80"
 score = 75
@@ -101818,8 +101993,8 @@ rule ELASTIC_Windows_Vulndriver_Elrawdisk_F9Fd1A80 : FILE
 date = "2022-10-07"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_ElRawDisk.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_ElRawDisk.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ed4f2b3db9a79535228af253959a0749b93291ad8b1058c7a41644b73035931b"
 logic_hash = "43f9f1f6ad6c1defe2f0d6dd0cd380bea1a8ead19bc0bf203bdfe4f83b9c284d"
 score = 75
@@ -101847,8 +102022,8 @@ rule ELASTIC_Windows_Trojan_Garble_Eae7F2F7 : FILE MEMORY
 date = "2022-06-08"
 modified = "2022-09-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Garble.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Garble.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4820a1ec99981e03675a86c4c01acba6838f04945b5f753770b3de4e253e1b8c"
 logic_hash = "5d88579b0f0f71b8b4310c141fb243f39696e158227da0a1e0140b030b783c65"
 score = 75
@@ -101876,8 +102051,8 @@ rule ELASTIC_Windows_Packer_Scrubcrypt_6A75A4Bb : FILE MEMORY
 date = "2023-04-18"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Packer_ScrubCrypt.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Packer_ScrubCrypt.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "05c1eea2ff8c31aa5baf1dfd8015988f7e737753275ed1c8c29013a3a7414b50"
 logic_hash = "edcaa6f1cc85ef084ae5bf2524f39869a90b008dce85e72bca4835565f067ca7"
 score = 75
@@ -101906,8 +102081,8 @@ rule ELASTIC_Linux_Trojan_Hiddad_E35Bff7B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Hiddad.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Hiddad.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "22a418e660b5a7a2e0cc1c1f3fe1d150831d75c4fedeed9817a221194522efcf"
 logic_hash = "3881222807585dc933cb61473751d13297fa7eb085a50d435d3b680354a35ee9"
 score = 75
@@ -101935,8 +102110,8 @@ rule ELASTIC_Linux_Exploit_CVE_2021_3156_F3Fb10Cd : FILE CVE_2021_3156
 date = "2021-09-15"
 modified = "2021-09-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2021_3156.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2021_3156.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "65fb8baa5ec3bfb4473e4b2f565b461dd59989d43c72b1c5ec2e1a68baa8b51a"
 logic_hash = "cc80e0b2355877cd9ceecae19d4dcebb641d90a24c0751bf706134b31bf26750"
 score = 75
@@ -101965,8 +102140,8 @@ rule ELASTIC_Linux_Exploit_CVE_2021_3156_7F5672D0 : FILE CVE_2021_3156
 date = "2021-09-15"
 modified = "2021-09-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2021_3156.yar#L22-L45"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2021_3156.yar#L22-L45"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1a4517d2582ac97b88ae568c23e75beba93daf8518bd3971985d6a798049fd61"
 logic_hash = "e25907f11a2f292441a96e19834ad89636593a3f8998ec0010e43830f5aa0c64"
 score = 75
@@ -101999,8 +102174,8 @@ rule ELASTIC_Windows_Shellcode_Generic_8C487E57 : FILE MEMORY
 date = "2022-05-23"
 modified = "2022-07-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Shellcode_Generic.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Shellcode_Generic.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "a86ea8e15248e83ce7322c10e308a5a24096b1d7c67f5673687563dec8229dfe"
 score = 75
 quality = 75
@@ -102027,8 +102202,8 @@ rule ELASTIC_Windows_Shellcode_Generic_F27D7Beb : FILE MEMORY
 date = "2022-06-08"
 modified = "2022-09-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Shellcode_Generic.yar#L20-L37"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Shellcode_Generic.yar#L20-L37"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "8530a74a002d0286711cd86545aff0bf853de6b6684473b6211d678797c3639f"
 score = 75
 quality = 75
@@ -102055,8 +102230,8 @@ rule ELASTIC_Windows_Shellcode_Generic_29Dcbf7A : FILE MEMORY
 date = "2023-05-09"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Shellcode_Generic.yar#L39-L56"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Shellcode_Generic.yar#L39-L56"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "c2a81cc27e696a2e488df7d2f96784bbaed83df5783efab312fc5ccbfd524b43"
 score = 75
 quality = 75
@@ -102083,8 +102258,8 @@ rule ELASTIC_Windows_Ransomware_Blackhunt_7B46Cb9C : FILE MEMORY
 date = "2024-03-12"
 modified = "2024-03-21"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_BlackHunt.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_BlackHunt.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6c4e968c9b53906ba0e86a41eccdabe2b736238cb126852023e15850e956293d"
 logic_hash = "97bb8436574fd814d8278e5a7043e011d0e4f9a7dd9df5e67605f28ac1af1e74"
 score = 50
@@ -102118,8 +102293,8 @@ rule ELASTIC_Linux_Hacktool_Lightning_D9A9173A : FILE MEMORY
 date = "2022-11-08"
 modified = "2024-02-13"
 reference = "https://www.intezer.com/blog/research/lightning-framework-new-linux-threat/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Lightning.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Lightning.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "48f9471c20316b295704e6f8feb2196dd619799edec5835734fc24051f45c5b7"
 logic_hash = "93961d9771aa4e828e15923064a848291c7814ad4e15e30cd252fc41523d789e"
 score = 75
@@ -102150,8 +102325,8 @@ rule ELASTIC_Linux_Hacktool_Lightning_E87C9D50 : FILE MEMORY
 date = "2022-11-08"
 modified = "2024-02-13"
 reference = "https://www.intezer.com/blog/research/lightning-framework-new-linux-threat/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Lightning.yar#L25-L48"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Lightning.yar#L25-L48"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "fd285c2fb4d42dde23590118dba016bf5b846625da3abdbe48773530a07bcd1e"
 logic_hash = "455ecf97e7becaf9c40843f8a3f60ec233d35e0061c6994f168428a8835c1b20"
 score = 75
@@ -102183,8 +102358,8 @@ rule ELASTIC_Linux_Hacktool_Lightning_3Bcac358 : FILE MEMORY
 date = "2022-11-08"
 modified = "2024-02-13"
 reference = "https://www.intezer.com/blog/research/lightning-framework-new-linux-threat/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Lightning.yar#L50-L72"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Lightning.yar#L50-L72"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ad16989a3ebf0b416681f8db31af098e02eabd25452f8d781383547ead395237"
 logic_hash = "f260372b9f2ea32f93ff7a30dc8239766e713a1e177a483444b14538741c24af"
 score = 75
@@ -102215,8 +102390,8 @@ rule ELASTIC_Linux_Trojan_Masan_5369C678 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Masan.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Masan.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "f2de9f39ca3910d5b383c245d8ca3c1bdf98e2309553599e0283062e0aeff17f"
 logic_hash = "e57b105004216a6054b0561b69cce00c35255c5bd33aa8e403d0a3967cd0697e"
 score = 75
@@ -102244,8 +102419,8 @@ rule ELASTIC_Windows_Trojan_A310Logger_520Cd7Ec : FILE MEMORY
 date = "2022-01-11"
 modified = "2022-04-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_A310logger.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_A310logger.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "60fb9597e5843c72d761525f73ca728409579d81901860981ebd84f7d153cfa3"
 logic_hash = "6095ce913e3fb1cfc2f1b091598fc06b2dfec30c2353be7df08dcbb1a06b07c3"
 score = 75
@@ -102277,8 +102452,8 @@ rule ELASTIC_Linux_Trojan_Marut_47Af730D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Marut.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Marut.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "048ce8059be6697c5f507fb1912ac2adcedab87c75583dd84700984e6d0d81e6"
 score = 75
 quality = 75
@@ -102305,8 +102480,8 @@ rule ELASTIC_Linux_Exploit_Wuftpd_0991E62F : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Wuftpd.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Wuftpd.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c0b6303300f38013840abe17abe192db6a99ace78c83bc7ef705f5c568bc98fd"
 logic_hash = "71ad26a182c7f16e7e0ad7f7afe0dcf1d38fe953dc0806341d7e21ee4acea87d"
 score = 75
@@ -102334,8 +102509,8 @@ rule ELASTIC_Windows_Hacktool_Sharpgpoabuse_14Ea480E : FILE MEMORY
 date = "2024-03-25"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_SharpGPOAbuse.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_SharpGPOAbuse.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d13f87b9eaf09ef95778b2f1469aa34d03186d127c8f73c73299957d386c78d1"
 logic_hash = "efc1259f4ed05c8f41df75c056d36fd5a808a92b5c88cfb0522caedea39476b4"
 score = 75
@@ -102370,8 +102545,8 @@ rule ELASTIC_Windows_Trojan_Pingpull_09Dd9559 : FILE MEMORY
 date = "2022-06-16"
 modified = "2022-07-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Pingpull.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Pingpull.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "de14f22c88e552b61c62ab28d27a617fb8c0737350ca7c631de5680850282761"
 logic_hash = "114674b1a9acfc7643138d3b07885343a50c9d319b8d22a6ef34e916685c4469"
 score = 75
@@ -102405,8 +102580,8 @@ rule ELASTIC_Linux_Exploit_CVE_2021_4034_1C8F235D : FILE CVE_2021_4034
 date = "2022-01-26"
 modified = "2022-07-22"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2021_4034.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2021_4034.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "94052c42aa41d0911e4b425dcfd6b829cec8f673bf1245af4050ef9c257f6c4b"
 logic_hash = "217df6687076a715712a053672d7b02567a3ee38ce9c0ccf80d23fcfde35592a"
 score = 75
@@ -102435,8 +102610,8 @@ rule ELASTIC_Windows_Ransomware_Stop_1E8D48Ff : FILE MEMORY
 date = "2021-06-10"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Stop.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Stop.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3"
 logic_hash = "d743feae072a5f3e1b008354352bef48218bb041bc8a5ba39526815ab9cd2690"
 score = 75
@@ -102465,8 +102640,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_97F92Ff7 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Sshdoor.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Sshdoor.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2e1d909e4a6ba843194f9912826728bd2639b0f34ee512e0c3c9e5ce4d27828e"
 logic_hash = "a883c790fd7fdeb0ca6de5fcf4dd69a996b6d85db3179a8a28adbbbc1dc01bc6"
 score = 75
@@ -102494,8 +102669,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_5B78Aa01 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Sshdoor.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Sshdoor.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2e1d909e4a6ba843194f9912826728bd2639b0f34ee512e0c3c9e5ce4d27828e"
 logic_hash = "bcf285ac220b2b2ed9caf0943fa22ee830e5b26501c54a223e483a33e2fc63c0"
 score = 75
@@ -102523,8 +102698,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_1B443A9B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Sshdoor.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Sshdoor.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a33112daa5a7d31ea1a1ca9b910475843b7d8c84d4658ccc00bafee044382709"
 logic_hash = "4afcd7103a14d59abc08d9e03182a985e3d0250c09aad5e81fd110c6a95f29e0"
 score = 75
@@ -102552,8 +102727,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_7C36D3Dd : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Sshdoor.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Sshdoor.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "def4de838d58c70f9f0ae026cdad3bf09b711a55af97ed20804fa1e34e7b59e9"
 logic_hash = "c1b61fce7593a44e47043fac8a6356f9aa9e74b66db005400684a5a79b69a5cd"
 score = 75
@@ -102581,8 +102756,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_3E81B1B7 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Sshdoor.yar#L81-L99"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Sshdoor.yar#L81-L99"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "def4de838d58c70f9f0ae026cdad3bf09b711a55af97ed20804fa1e34e7b59e9"
 logic_hash = "54253df560e6552a728dc2651c557bc23ae8ec4847760290701438821c52342e"
 score = 75
@@ -102610,8 +102785,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_Cde7Cfd4 : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Sshdoor.yar#L101-L119"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Sshdoor.yar#L101-L119"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "cd646a1d59c99b9e038098b91cdb63c3fe9b35bb10583bef0ab07260dbd4d23d"
 logic_hash = "47967d90a6dbb4461e22998aff5b7e68b4b9007ea7e5e30574ae1f1cfcbaa573"
 score = 75
@@ -102639,8 +102814,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_32D9Fb1B : FILE MEMORY
 date = "2022-09-12"
 modified = "2022-10-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Sshdoor.yar#L121-L139"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Sshdoor.yar#L121-L139"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ee1f6dbea40d198e437e8c2ae81193472c89e41d1998bee071867dab1ce16b90"
 logic_hash = "35ef4f3970484a46d705e6976a9932639d576717454b8e07ed24a72114d9c42d"
 score = 75
@@ -102668,8 +102843,8 @@ rule ELASTIC_Linux_Trojan_Sshdoor_7C3Cfc62 : FILE MEMORY
 date = "2022-09-12"
 modified = "2022-10-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Sshdoor.yar#L141-L159"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Sshdoor.yar#L141-L159"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ee1f6dbea40d198e437e8c2ae81193472c89e41d1998bee071867dab1ce16b90"
 logic_hash = "da9804489f30b575d2b459f82570f5df07c1777f105cd373c4268f8a31fa4e43"
 score = 75
@@ -102697,8 +102872,8 @@ rule ELASTIC_Windows_Hacktool_Iox_98Cd1Cd8 : FILE MEMORY
 date = "2024-01-24"
 modified = "2024-01-29"
 reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_Iox.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_Iox.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "d4544a521d4e6eb07336816b1aae54f92c5c4fd2eb31dcfbdf26e4ef890e73db"
 logic_hash = "d7f9e4f399410d54416e974fbd66b2caa27359ae0f2e33e01d62f1aa618daa34"
 score = 75
@@ -102729,8 +102904,8 @@ rule ELASTIC_Windows_Trojan_Downtown_901C4Fdd : FILE MEMORY
 date = "2023-05-10"
 modified = "2023-06-13"
 reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_DownTown.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_DownTown.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "6368d37fa9ba4e32131e16bceaee322f2fa8507873d01ebd687536e593354725"
 score = 75
 quality = 75
@@ -102759,8 +102934,8 @@ rule ELASTIC_Windows_Trojan_Downtown_145Ecd2F : FILE MEMORY
 date = "2023-08-23"
 modified = "2023-09-20"
 reference = "https://www.elastic.co/security-labs/introducing-the-ref5961-intrusion-set"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_DownTown.yar#L23-L44"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_DownTown.yar#L23-L44"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "744a51c5317e265177185d9d0b8838a8fc939b4c56cc5e5bc51d5432d046d9f1"
 score = 75
 quality = 75
@@ -102790,8 +102965,8 @@ rule ELASTIC_Windows_Hacktool_Chromekatz_Fa232Bba : FILE MEMORY
 date = "2024-03-27"
 modified = "2024-05-08"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_ChromeKatz.yar#L1-L28"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_ChromeKatz.yar#L1-L28"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3f6922049422df14f1a1777001fea54b18fbfb0a4b03c4ee27786bfbc3b8ab87"
 logic_hash = "c86291fadd51845cbd7428b159e401d78ac77090e14e34d06bf7bf2018f4502a"
 score = 75
@@ -102828,8 +103003,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_825B6808 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7db9a0760dd16e23cb299559a0e31a431b836a105d5309a9880fa4b821937659"
 logic_hash = "f5f997d8401f1505e81072dcb0e24ad7a78f0b56133698b70d8dd93ef25ddaf3"
 score = 75
@@ -102857,8 +103032,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_A44Ab8Cd : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4b2068a4a666b0279358b8eb4f480d2df4c518a8b4518d0d77c6687c3bff0a32"
 logic_hash = "a0501f76aff532366292189d34a57844ba999748b94f349be2f391dfd96e2106"
 score = 75
@@ -102886,8 +103061,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_7026F674 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b7a77ebb66664c54d01a57abed5bb034ef2933a9590b595bba0566938b099438"
 logic_hash = "ec8ece1f922260f620fb30d82469f77a4d0239da536fc464fc37a3943cd6e463"
 score = 75
@@ -102915,8 +103090,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_761Ad88E : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1d88971f342e4bc4e6615e42080a3b6cec9f84912aa273c36fc46aaf86ff6771"
 logic_hash = "2b0c64da713e2f8ff671cbe086638810bc02a983d42851e78c68a57bde9f023c"
 score = 75
@@ -102944,8 +103119,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_B93655D3 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L81-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L81-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "34cb06385543c6c2c562f757df2f641d8402e7c9f95fa924e17652a1c38d695f"
 score = 75
 quality = 75
@@ -102972,8 +103147,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_Af9F75E6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L100-L118"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L100-L118"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "bf6f3ffaf94444a09b69cbd4c8c0224d7eb98eb41514bdc3f58c1fb90ac0e705"
 logic_hash = "b74f5fad3c7219038e51eb4fa12fb9d55d7f65a9f4bab0adff8609fabb0afdab"
 score = 75
@@ -103001,8 +103176,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_1Bf0E994 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L120-L138"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L120-L138"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1ea2dc13eec0d7a8ec20307f5afac8e9344d827a6037bb96a54ad7b12f65b59c"
 logic_hash = "2c1099b8078ac306f7cb67be5b5b5e34f57414b9aa26bdd6c26d3636c80846cd"
 score = 75
@@ -103030,8 +103205,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_D710A5Da : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L140-L158"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L140-L158"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ba895a9c449bf9bf6c092df88b6d862a3e8ed4079ef795e5520cb163a45bcdb4"
 logic_hash = "118a29cc0ccd191181dabc134de282ba134e041113faaa4d95e0aa201646438b"
 score = 75
@@ -103059,8 +103234,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_F434A3Fb : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L160-L178"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L160-L178"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ba895a9c449bf9bf6c092df88b6d862a3e8ed4079ef795e5520cb163a45bcdb4"
 logic_hash = "11b173f73b87f50775be50c6b4528bd9b148ea4266297aec76ae126cab0facb0"
 score = 75
@@ -103088,8 +103263,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_A2795A4C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L180-L198"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L180-L198"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9a564d6b29d2aaff960e6f84cd0ef4c701fefa2a62e2ea690106f3fdbabb0d71"
 logic_hash = "18e15b8a417f9ff2fd9277a01eb3224c761807ce9541ece568f4525ae66eb81f"
 score = 75
@@ -103117,8 +103292,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_678C1145 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L200-L218"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L200-L218"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "559793b9cb5340478f76aaf5f81c8dbfbcfa826657713d5257dac3c496b243a6"
 logic_hash = "5ff15c8d92bca62700bbb67aeebc41fd603687dbc0c93733955bf59375df40a1"
 score = 60
@@ -103146,8 +103321,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_3Cbdfb1F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L220-L238"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L220-L238"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "bd40ac964f3ad2011841c7eb4bf7cab332d4d95191122e830ab031dc9511c079"
 logic_hash = "38e8ca59bf55c32b99aa76a89f60edcf09956b7cad0b4745fab92eca327c52db"
 score = 75
@@ -103175,8 +103350,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_8B63Ff02 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L240-L258"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L240-L258"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a57de6cd3468f55b4bfded5f1eed610fdb2cbffbb584660ae000c20663d5b304"
 logic_hash = "3b68353c8eeb21a3eba7a02ae76b66b4f094ec52d5309582544d247cc6548da3"
 score = 75
@@ -103204,8 +103379,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_30973084 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L260-L278"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L260-L278"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "a22ffa748bcaaed801f48f38b26a9cfdd5e62183a9f6f31c8a1d4a8443bf62a4"
 logic_hash = "d965a032c0fb6020c6187aa3117f7251dd8c9287c45453e3d5ae2ac62b3067bb"
 score = 75
@@ -103233,8 +103408,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_1Cfa95Dd : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L280-L298"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L280-L298"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1d88971f342e4bc4e6615e42080a3b6cec9f84912aa273c36fc46aaf86ff6771"
 logic_hash = "f73a96cc379c8dc060bfe5668ef7e47c5bcd037b3f41c300ef20c2f2f653cb00"
 score = 75
@@ -103262,8 +103437,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_25C48456 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L300-L318"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L300-L318"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "eba6f3e4f7b53e22522d82bdbdf5271c3fc701cbe07e9ecb7b4c0b85adc9d6b4"
 logic_hash = "4ed4b901fccaed834b9908fb447da1521bf31f283ae55b6d8f6090814cf8fcd2"
 score = 75
@@ -103291,8 +103466,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_B1Ca2Abd : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L320-L338"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L320-L338"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1d88971f342e4bc4e6615e42080a3b6cec9f84912aa273c36fc46aaf86ff6771"
 logic_hash = "05b906a9823bf9ba25ba1ed490beb8f338429cbc744ca230c5c4cbb41ab9f140"
 score = 75
@@ -103320,8 +103495,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_Cce8C792 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L340-L358"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L340-L358"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ea56da9584fc36dc67cb1e746bd13c95c4d878f9d594e33221baad7e01571ee6"
 logic_hash = "14700d24e8682ec04f2aae02f5820c4d956db60583b1bc61038b47e709705d0d"
 score = 75
@@ -103349,8 +103524,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_4Bcea1C4 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L360-L378"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L360-L378"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "9a564d6b29d2aaff960e6f84cd0ef4c701fefa2a62e2ea690106f3fdbabb0d71"
logic_hash = "76019729a3a33fc04ff983f38b4fbf174a66da7ffc05cd07eb93e3cd5aecaaa2"
score = 75
@@ -103378,8 +103553,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_Ab561A1B : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L380-L398"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L380-L398"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "1b7df0d491974bead05d04ede6cf763ecac30ecff4d27bb4097c90cc9c3f4155"
logic_hash = "5720d2ada4b33514f2d528417876606d2951786df8b0512f9e8833b8ec87127a"
score = 75
@@ -103407,8 +103582,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_1A4Eb229 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L400-L418"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L400-L418"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "bf6f3ffaf94444a09b69cbd4c8c0224d7eb98eb41514bdc3f58c1fb90ac0e705"
logic_hash = "83b04e366a05a46ad67b9aaf6b9658520e119003cd65941dd69416cbc5229c30"
score = 75
@@ -103436,8 +103611,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_51Ef0659 : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L420-L438"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L420-L438"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "b7a2bc75dd9c44c38b2a6e4e7e579142ece92a75b8a3f815940c5aa31470be2b"
logic_hash = "26dd95cb1cdaec10d408e294a3baca85d741cf5e56649cdcc79ef7216e4cb440"
score = 75
@@ -103465,8 +103640,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_D90C4Cbe : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L440-L458"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L440-L458"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "409c55110d392aed1a9ec98a6598fb8da86ab415534c8754aa48e3949e7c4b62"
logic_hash = "145d32f8a06af18e6f13b0905cc51fd7b1a9e00b41b0f0a5d537ada2b54a94b5"
score = 75
@@ -103494,8 +103669,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_C680C9Fd : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L460-L478"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L460-L478"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "ea56da9584fc36dc67cb1e746bd13c95c4d878f9d594e33221baad7e01571ee6"
logic_hash = "a283132ffdd109b8b1f01e5a3e2700b70b742945c7ae8b15b2b244fb249a5e3d"
score = 75
@@ -103523,8 +103698,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_E63396F4 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L480-L498"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L480-L498"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "913e6d2538bd7eed3a8f3d958cf445fe11c5c299a70e5385e0df6a9b2f638323"
logic_hash = "d3f7c62a7411caf86ee574a686b4b1972066602f89d39ae9e49ba66d9917c7c9"
score = 75
@@ -103552,8 +103727,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_7D5355Da : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "03397525f90c8c2242058d2f6afc81ceab199c5abcab8fd460fabb6b083d8d20"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L500-L518"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L500-L518"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
logic_hash = "b4540f941ca1a36c460d056ef263ebd67c6388f3f6f373f50371f7cca2739bc4"
score = 75
quality = 75
@@ -103580,8 +103755,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_A9E8A90F : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "0558cf8cab0ba1515b3b69ac32975e5e18d754874e7a54d19098e7240ebf44e4"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L520-L538"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L520-L538"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
logic_hash = "8f1fcb736a9363142a25426ef2d166f92526bffaf8069f1b12056c9cf5825379"
score = 75
quality = 75
@@ -103608,8 +103783,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_A598192A : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "101f2240cd032831b9c0930a68ea6f74688f68ae801c776c71b488e17bc71871"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L540-L558"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L540-L558"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
logic_hash = "19909f53acca8c84125c95fc651765a25162c5f916366da8351e67675393e583"
score = 75
quality = 75
@@ -103636,8 +103811,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_53Bf4E37 : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "101f2240cd032831b9c0930a68ea6f74688f68ae801c776c71b488e17bc71871"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L560-L578"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L560-L578"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
logic_hash = "d1aabf8067b74dac114e197722d51c4bbb9a78e6ba9b5401399930c29d55bdcc"
score = 75
quality = 75
@@ -103664,8 +103839,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_50158A6E : FILE MEMORY
date = "2021-06-28"
modified = "2021-09-16"
reference = "1e0cdb655e48d21a6b02d2e1e62052ffaaec9fdfe65a3d180fc8afabc249e1d8"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L580-L598"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L580-L598"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
logic_hash = "67c22fcf514a3e8c2c27817798c796aacf00ba82e1090894aa2c1170a1e2a096"
score = 75
quality = 75
@@ -103692,8 +103867,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_F454Ec10 : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "0297e1ad6e180af85256a175183102776212d324a2ce0c4f32e8a44a2e2e9dad"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L600-L618"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L600-L618"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
logic_hash = "e5afb215632ad6359ba95df86316d496ea5e36edb79901c34e0710a6bd9c97d1"
score = 75
quality = 75
@@ -103720,8 +103895,8 @@ rule ELASTIC_Linux_Hacktool_Flooder_9417F77B : FILE MEMORY
date = "2022-01-05"
modified = "2022-01-26"
reference = "60ff13e27dad5e6eadb04011aa653a15e1a07200b6630fdd0d0d72a9ba797d68"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Flooder.yar#L620-L638"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Flooder.yar#L620-L638"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
logic_hash = "470b7e44cd875b1f6abcfa5e4d33d2808a65630dc914b38643c9efb14db5f1ff"
score = 75
quality = 75
@@ -103748,8 +103923,8 @@ rule ELASTIC_Linux_Trojan_Zerobot_185E2396 : FILE MEMORY
date = "2022-12-16"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Zerobot.yar#L1-L26"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Zerobot.yar#L1-L26"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "f9fc370955490bdf38fc63ca0540ce1ea6f7eca5123aa4eef730cb618da8551f"
logic_hash = "caa21cc019d8e4549d976f8b4f98d930ef7acf4c39c41956ae35fa78c975e016"
score = 75
@@ -103784,8 +103959,8 @@ rule ELASTIC_Linux_Trojan_Zerobot_3A5B56Dd : FILE MEMORY
date = "2022-12-16"
modified = "2024-02-13"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Zerobot.yar#L28-L51"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Zerobot.yar#L28-L51"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "f9fc370955490bdf38fc63ca0540ce1ea6f7eca5123aa4eef730cb618da8551f"
logic_hash = "2491fff4ad0327e0440d842f221fb6623c8efd97e2991bf2090abceaef9c2ccf"
score = 75
@@ -103818,8 +103993,8 @@ rule ELASTIC_Windows_Hacktool_Dinvokerust_512D3B59 : FILE MEMORY
date = "2024-02-28"
modified = "2024-03-21"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_DinvokeRust.yar#L1-L24"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_DinvokeRust.yar#L1-L24"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "ebf0f1bfd166d2d49b642fa43cb0c7364c0c605d9a7f108dc49d9f1cc859ab4a"
logic_hash = "7be1a4e25cf41e47ab135c718b7ec5a49a2890cf873c52597f8dab4d47636ed8"
score = 75
@@ -103852,8 +104027,8 @@ rule ELASTIC_Linux_Exploit_CVE_2009_1897_6Cf0A073 : FILE MEMORY CVE_2009_1897
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2009_1897.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2009_1897.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "85f371bf73ee6d8fcb6fa9a8a68b38c5e023151257fd549855c4c290cc340724"
logic_hash = "dcde454fda09cb6bc7b213b76d70eafd65d2601cfda70ff25c6940b55ce3adb6"
score = 75
@@ -103881,8 +104056,8 @@ rule ELASTIC_Windows_Vulndriver_Rtcore_4Eeb2Ce5 : FILE
date = "2022-04-04"
modified = "2022-08-30"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_RtCore.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_RtCore.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd"
logic_hash = "f547bce6554c60e8f3ef8e128c05533cf1f35ce0ee414d5a1c5e9a205b05d8fe"
score = 75
@@ -103911,8 +104086,8 @@ rule ELASTIC_Windows_Ransomware_Mespinoza_3Adb59F5 : FILE MEMORY
date = "2021-08-05"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Mespinoza.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Mespinoza.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "6f3cd5f05ab4f404c78bab92f705c91d967b31a9b06017d910af312fa87ae3d6"
logic_hash = "28c8ad42a3af70fed274edc9105dae5cef13749d71510561a50428c822464934"
score = 75
@@ -103942,8 +104117,8 @@ rule ELASTIC_Windows_Trojan_Stealc_B8Ab9Ab5 : FILE MEMORY
date = "2024-03-13"
modified = "2024-03-21"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Stealc.yar#L1-L27"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Stealc.yar#L1-L27"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "0d1c07c84c54348db1637e21260dbed09bd6b7e675ef58e003d0fe8f017fd2c8"
logic_hash = "5fc5d5cea481d1d204d1aa6c52679a23eb59438df2fe547d14c00524772867bb"
score = 75
@@ -103979,8 +104154,8 @@ rule ELASTIC_Windows_Trojan_Stealc_A2B71Dc4 : FILE MEMORY
date = "2024-03-13"
modified = "2024-03-21"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Stealc.yar#L29-L50"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Stealc.yar#L29-L50"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "0d1c07c84c54348db1637e21260dbed09bd6b7e675ef58e003d0fe8f017fd2c8"
logic_hash = "b79ac3e65cd7d2819d6a49f59ec661241c97174f66a7c4ada91932f10fc43583"
score = 75
@@ -104002,6 +104177,35 @@ rule ELASTIC_Windows_Trojan_Stealc_A2B71Dc4 : FILE MEMORY
condition:
2 of ($seq*)
}
+rule ELASTIC_Windows_Trojan_Stealc_5D3F297C : FILE MEMORY
+{
+ meta:
+ description = "Detects Windows Trojan Stealc (Windows.Trojan.Stealc)"
+ author = "Elastic Security"
+ id = "5d3f297c-b812-401a-8671-2e00369cd6f2"
+ date = "2024-03-05"
+ modified = "2024-06-13"
+ reference = "https://github.com/elastic/protections-artifacts/"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Stealc.yar#L52-L70"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
+ hash = "885c8cd8f7ad93f0fd43ba4fb7f14d94dfdee3d223715da34a6e2fbb4d25b9f4"
+ logic_hash = "556d3bc9374a5ec23faa410900dfc94b5534434c9733165355d281976444a42b"
+ score = 75
+ quality = 75
+ tags = "FILE, MEMORY"
+ fingerprint = "ff90bfcb28bb3164fb11da5f35f289af679805f7e4047e48d97ae89e5b820dcd"
+ severity = 50
+ arch_context = "x86"
+ scan_context = "file, memory"
+ license = "Elastic License v2"
+ os = "windows"
+
+ strings:
+ $a1 = { 83 EC 08 C7 45 F8 00 00 00 00 83 7D 08 00 74 4A 83 7D 0C 00 74 44 8B 45 0C 83 C0 01 50 6A 40 ?? ?? ?? ?? ?? ?? 89 45 F8 83 7D F8 00 74 2C C7 45 FC 00 00 00 00 EB 09 8B 4D FC 83 C1 01 }
+
+ condition:
+ all of them
+}
rule ELASTIC_Linux_Trojan_Subsevux_E9E80C1E : FILE MEMORY
{
meta:
@@ -104011,8 +104215,8 @@ rule ELASTIC_Linux_Trojan_Subsevux_E9E80C1E : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Subsevux.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Subsevux.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "a4ccd399ea99d4e31fbf2bbf8017c5368d29e630dc2985e90f07c10c980fa084"
logic_hash = "8bc38f26da5a3350cbae3e93b890220bb461ff77e83993a842f68db8f757e435"
score = 75
@@ -104040,8 +104244,8 @@ rule ELASTIC_Windows_Trojan_Clipbanker_7Efaef9F : FILE MEMORY
date = "2022-02-28"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Clipbanker.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Clipbanker.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "02b06acb113c31f5a2ac9c99f9614e0fab0f78afc5ae872e46bae139c2c9b1f6"
logic_hash = "fa547d7c1623b332ef306672dd2293b44016d9974c1a3ec4b15e5ae0483ff879"
score = 75
@@ -104073,8 +104277,8 @@ rule ELASTIC_Windows_Trojan_Clipbanker_B60A50B8 : FILE MEMORY
date = "2022-02-28"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Clipbanker.yar#L25-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Clipbanker.yar#L25-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "02b06acb113c31f5a2ac9c99f9614e0fab0f78afc5ae872e46bae139c2c9b1f6"
logic_hash = "fe585ab7efbc3b500ea23d1c164bc79ded658001e53fc71721e435ed7579182a"
score = 75
@@ -104102,8 +104306,8 @@ rule ELASTIC_Windows_Trojan_Clipbanker_F9F9E79D : FILE MEMORY
date = "2022-04-23"
modified = "2022-06-09"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Clipbanker.yar#L45-L63"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Clipbanker.yar#L45-L63"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c"
logic_hash = "a71d75719133e8b84956ec002cb31f82386ef711fa2af79d204d176492cd354b"
score = 75
@@ -104131,8 +104335,8 @@ rule ELASTIC_Windows_Trojan_Clipbanker_787B130B : FILE MEMORY
date = "2022-04-24"
modified = "2022-06-09"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Clipbanker.yar#L65-L87"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Clipbanker.yar#L65-L87"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c"
logic_hash = "88783bde7014853f6556c6e7ee2dfd5cd5fcbfb4523ed158b4287e2bfba409f1"
score = 75
@@ -104164,8 +104368,8 @@ rule ELASTIC_Windows_Trojan_Xworm_732E6C12 : FILE MEMORY
date = "2023-04-03"
modified = "2023-04-23"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Xworm.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Xworm.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "bf5ea8d5fd573abb86de0f27e64df194e7f9efbaadd5063dee8ff9c5c3baeaa2"
logic_hash = "6aa72029eeeb2edd2472bf0db80b9c0ae4033d7d977cbee75ac94414d1cdff7a"
score = 75
@@ -104199,8 +104403,8 @@ rule ELASTIC_Windows_Wiper_Doublezero_65Ec0C50 : FILE MEMORY
date = "2022-03-22"
modified = "2022-04-12"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Wiper_DoubleZero.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Wiper_DoubleZero.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "3b2e708eaa4744c76a633391cf2c983f4a098b46436525619e5ea44e105355fe"
logic_hash = "bce33817d99f71b9d087ea079ef8db08b496315b72cf9d1cf6f0b107a604e52c"
score = 75
@@ -104232,8 +104436,8 @@ rule ELASTIC_Linux_Trojan_Sckit_A244328F : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Sckit.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Sckit.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "685da66303a007322d235b7808190c3ea78a828679277e8e03e6d8d511df0a30"
logic_hash = "8001c9fcf9f8b70c3e27554156b0b26ddcd6cab36bf97cf3b89a4c43c9ad883c"
score = 75
@@ -104261,8 +104465,8 @@ rule ELASTIC_Windows_Trojan_Pony_D5516Fe8 : FILE MEMORY
date = "2021-08-14"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Pony.yar#L1-L25"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Pony.yar#L1-L25"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "423e792fcd00265960877482e8148a0d49f0898f4bbc190894721fde22638567"
logic_hash = "4a850d32fb28477e7e3fef2dda6ba327b800e2ebcae1a483970cde78f34a4ff7"
score = 75
@@ -104296,8 +104500,8 @@ rule ELASTIC_Windows_Trojan_Xpertrat_Ce03C41D : FILE MEMORY
date = "2021-08-06"
modified = "2021-10-04"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Xpertrat.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Xpertrat.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "d7f2fddb43eb63f9246f0a4535dfcca6da2817592455d7eceaacde666cf1aaae"
logic_hash = "f6ff0a11f261bc75c9d0015131f177d39bb9e8e30346a75209ba8fa808ac4fcb"
score = 75
@@ -104327,8 +104531,8 @@ rule ELASTIC_Linux_Trojan_Lala_51Deb1F9 : FILE MEMORY
date = "2021-04-06"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Lala.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Lala.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "f3af65d3307fbdc2e8ce6e1358d1413ebff5eeb5dbedc051394377a4dabffa82"
logic_hash = "73a7ec230be9aabcc301095c9c075f839852155419bdd8d5542287f34699ab33"
score = 75
@@ -104356,8 +104560,8 @@ rule ELASTIC_Linux_Cryptominer_Flystudio_579A3A4D : FILE MEMORY
date = "2021-01-12"
modified = "2021-09-16"
reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Flystudio.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Flystudio.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
hash = "84afc47554cf42e76ef8d28f2d29c28f3d35c2876cec2fb1581b0ac7cfe719dd"
logic_hash = "6579630a4fb6cf5bc8ccb2e4f93f5d549baa6ea9b742b2ee83a52f07352c4741"
score = 75
@@ -104385,8 +104589,8 @@ rule ELASTIC_Linux_Cryptominer_Flystudio_0A370634 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Flystudio.yar#L21-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Flystudio.yar#L21-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "cf924ba45a7dba19fe571bb9da8c4896690c3ad02f732b759a10174b9f61883f"
 score = 75
 quality = 75
@@ -104413,8 +104617,8 @@ rule ELASTIC_Windows_Hacktool_Capcom_7Abae448 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_Capcom.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_Capcom.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "da6ca1fb539f825ca0f012ed6976baf57ef9c70143b7a1e88b4650bf7a925e24"
 logic_hash = "88f25c479cc8970e05ef9d08143afbbbfa17322f34379ba571e3a09105b33ee0"
 score = 75
@@ -104443,8 +104647,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_1388212A : FILE MEMORY
 date = "2021-04-13"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_Mimikatz.yar#L1-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_Mimikatz.yar#L1-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "66b4a0681cae02c302a9b6f1d611ac2df8c519d6024abdb506b4b166b93f636a"
 logic_hash = "1b717453810455e3f530e399f5f9f163d1ad0d71a5464fa5c68aa82edd699cda"
 score = 75
@@ -104496,8 +104700,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_674Fd079 : FILE MEMORY
 date = "2021-04-14"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_Mimikatz.yar#L45-L77"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_Mimikatz.yar#L45-L77"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "66b4a0681cae02c302a9b6f1d611ac2df8c519d6024abdb506b4b166b93f636a"
 logic_hash = "f63f3de05dd4f4f40cda6df67b75e37d7baa82c4b4cafd3ebdca35adfb0b15f8"
 score = 75
@@ -104539,8 +104743,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_355D5D3A : FILE MEMORY
 date = "2021-04-14"
 modified = "2021-08-23"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_Mimikatz.yar#L79-L112"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_Mimikatz.yar#L79-L112"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "945245ca795e0a3575ee4fdc174df9d377a598476c2bf4bf0cdb0cde4286af96"
 logic_hash = "c6b48ab2cc92deb507d7eead1fb6381ee40b698e84d9eaac45288f95dbda66b3"
 score = 75
@@ -104583,8 +104787,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_71Fe23D9 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_Mimikatz.yar#L114-L133"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_Mimikatz.yar#L114-L133"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "856687718b208341e7caeea2d96da10f880f9b5a75736796a1158d4c8755f678"
 logic_hash = "6d1e84bb8532c6271ad3966055eac8d60ec019d8ae6632efb59463c35b46ad9b"
 score = 75
@@ -104613,8 +104817,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_B393864F : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_Mimikatz.yar#L135-L154"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_Mimikatz.yar#L135-L154"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8206ce9c42582ac980ff5d64f8e3e310bc2baa42d1a206dd831c6ab397fbd8fe"
 logic_hash = "d09cb7f753675e0b6ecd8a7977ca7f8d313e5d525f05170fc54b265c2ae6c188"
 score = 75
@@ -104643,8 +104847,8 @@ rule ELASTIC_Windows_Hacktool_Mimikatz_1Ff74F7E : FILE MEMORY
 date = "2023-05-09"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_Mimikatz.yar#L156-L175"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_Mimikatz.yar#L156-L175"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "1b6aad500d45de7b076942d31b7c3e77487643811a335ae5ce6783368a4a5081"
 logic_hash = "f47f760b4c373a073399c69681e76eb9dde6cfdb36c1cc31d7131376493931c0"
 score = 75
@@ -104673,8 +104877,8 @@ rule ELASTIC_Windows_Vulndriver_Rweverything_Aee156A5 : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_RWEverything.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_RWEverything.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "3c5bf92c26398695f9ced7ce647a7e9f6ddcc89eea66b45aa3607196a187431b"
 logic_hash = "46b7f2ad46564c6b99f0df6146dff7c88ccbe3ad6c6d1bcbefe756606c4fe40e"
 score = 75
@@ -104703,8 +104907,8 @@ rule ELASTIC_Windows_Ransomware_Bitpaymer_D74273B3 : BETA FILE MEMORY
 date = "2020-06-25"
 modified = "2021-08-23"
 reference = "https://www.welivesecurity.com/2018/01/26/friedex-bitpaymer-ransomware-work-dridex-authors/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Bitpaymer.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Bitpaymer.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "126246689b28e92ed10bfa6165f06ff7d4f0e062de7c58b821eaaf5e3cae9306"
 score = 75
 quality = 75
@@ -104732,8 +104936,8 @@ rule ELASTIC_Windows_Ransomware_Bitpaymer_Bca25Ac6 : BETA FILE MEMORY
 date = "2020-06-25"
 modified = "2021-08-23"
 reference = "https://www.welivesecurity.com/2018/01/26/friedex-bitpaymer-ransomware-work-dridex-authors/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Bitpaymer.yar#L22-L48"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Bitpaymer.yar#L22-L48"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "7670f9dafacc8fc5998c1974af66ede388c0997545da067648fec4fd053f0001"
 score = 75
 quality = 75
@@ -104768,8 +104972,8 @@ rule ELASTIC_Linux_Trojan_Kaiji_253C44De : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Kaiji.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Kaiji.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e31eb8880bb084b4c642eba127e64ce99435ea8299a98c183a63a2e6a139d926"
 logic_hash = "81a07f60765f50c58b2c0f0153367ee570f36c579e9f88fb2f0e49ae5c08773f"
 score = 75
@@ -104797,8 +105001,8 @@ rule ELASTIC_Linux_Trojan_Kaiji_535F07Ac : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Kaiji.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Kaiji.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "28b2993d7c8c1d8dfce9cd2206b4a3971d0705fd797b9fde05211686297f6bb0"
 logic_hash = "539977c1076b71873135cfe02153da87c0e9ac17122f04570977a22c92d2694f"
 score = 75
@@ -104826,8 +105030,8 @@ rule ELASTIC_Linux_Trojan_Kaiji_Dcf6565E : FILE MEMORY
 date = "2022-09-12"
 modified = "2022-10-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Kaiji.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Kaiji.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "49f3086105bdc160248e66334db00ce37cdc9167a98faac98800b2c97515b6e7"
 logic_hash = "2bc943e100548e9aacd97930b3230353be760c8a292dbbbd1d0b5646f647c4fe"
 score = 75
@@ -104855,8 +105059,8 @@ rule ELASTIC_Linux_Trojan_Kaiji_91091Be3 : FILE MEMORY
 date = "2022-09-12"
 modified = "2022-10-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Kaiji.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Kaiji.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "dca574d13fcbd7d244d434fcbca68136e0097fefc5f131bec36e329448f9a202"
 logic_hash = "3b55cb3be5775311af4dc90f9624448d30cc58ef1a42729f6ca4eb3b36ad8b06"
 score = 75
@@ -104884,8 +105088,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_70C153B5 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrminer.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrminer.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "55b133ba805bb691dc27a5d16d3473650360c988e48af8adc017377eed07935b"
 logic_hash = "e2fc0721435c656a16e59b6747563df17f0f54a4620efc403a3bba717ccb0f38"
 score = 75
@@ -104913,8 +105117,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_98B00F9C : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrminer.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrminer.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "c01b88c5d3df7ce828e567bd8d639b135c48106e388cd81497fcbd5dcf30f332"
 logic_hash = "cf8c5deddf22e7699cd880bd3f9f28721db5ece6705be4f932e1d041893eef71"
 score = 75
@@ -104942,8 +105146,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_2B250178 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrminer.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrminer.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "636605cf63d3e335fe9481d4d110c43572e9ab365edfa2b6d16d96b52d6283ef"
 logic_hash = "067705c52de710372b4a2a3b77427106068ad2d9a8e56602e315d09e7b8b6206"
 score = 75
@@ -104971,8 +105175,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_67Bf4B54 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrminer.yar#L61-L79"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrminer.yar#L61-L79"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "9d33fba4fda6831d22afc72bf3d6d5349c5393abb3823dfa2a5c9e391d2b9ddf"
 logic_hash = "448f5b9dc3c17984464c15f6d542f495a52b0531acc362dedfe3d1a20b932969"
 score = 75
@@ -105000,8 +105204,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_504B42Ca : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrminer.yar#L81-L98"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrminer.yar#L81-L98"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "dd3ed5350e0229ac714178a30de28893c30708734faec329c776e189493cf930"
 score = 75
 quality = 75
@@ -105028,8 +105232,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_D1Bb752F : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrminer.yar#L100-L118"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrminer.yar#L100-L118"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "bea55bc9495ee51c78ceedadf3a685ea9d6dd428170888c67276c100d4d94beb"
 logic_hash = "47aa5516350d5c00d1387649df46ce8f09d87bdfafeaa4cbf1c3ef5f2e0b9023"
 score = 75
@@ -105057,8 +105261,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_D625Fcd2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrminer.yar#L120-L137"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrminer.yar#L120-L137"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "b95b66392e1a07e0b6acd718a9501cede76e57561e69701e9e881bd3fbd3fe39"
 score = 75
 quality = 75
@@ -105085,8 +105289,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_02D19C01 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrminer.yar#L139-L157"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrminer.yar#L139-L157"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b6df662f5f7566851b95884c0058e7476e49aeb7a96d2aa203393d88e584972f"
 logic_hash = "43a1dc49bf75cd13637c37290d47b4d6fc1b2c2ac252b64725c0c64e1dd745c6"
 score = 75
@@ -105114,8 +105318,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_2Dd045Fc : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrminer.yar#L159-L177"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrminer.yar#L159-L177"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "30a77ab582f0558829a78960929f657a7c3c03c2cf89cd5a0f6934b79a74b7a4"
 logic_hash = "fa23ca75027f7a5e73652173c9e84112a0b5cd3008fc453fdb33c980dc7b7b24"
 score = 75
@@ -105143,8 +105347,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_D1A814B0 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrminer.yar#L179-L197"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrminer.yar#L179-L197"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "bea55bc9495ee51c78ceedadf3a685ea9d6dd428170888c67276c100d4d94beb"
 logic_hash = "a06f5d5be87153be1253c2e20a60fa36701a745813926be03ee466ce8e2285b0"
 score = 75
@@ -105172,8 +105376,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_C6218E30 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrminer.yar#L199-L217"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrminer.yar#L199-L217"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b43ddd8e355b0c538c123c43832e7c8c557e4aee9e914baaed0866ee5d68ee55"
 logic_hash = "3efbc3cb1591a9340df10640b411a9ab4c41e0aa26c1677d9def8b82e4c246f4"
 score = 75
@@ -105201,8 +105405,8 @@ rule ELASTIC_Linux_Cryptominer_Xmrminer_B17A7888 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Cryptominer_Xmrminer.yar#L219-L237"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Cryptominer_Xmrminer.yar#L219-L237"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "65c9fdd7c559554af06cd394dcebece1bc0fdc7dd861929a35c74547376324a6"
 logic_hash = "a7f6daa5c42d186d2c5a027fdb35b45287c3564a7b57b8a2f53659e6ca90602a"
 score = 75
@@ -105230,8 +105434,8 @@ rule ELASTIC_Windows_Hacktool_Sleepobfloader_460A1A75 : FILE MEMORY
 date = "2024-01-24"
 modified = "2024-01-29"
 reference = "https://www.elastic.co/security-labs/unmasking-financial-services-intrusion-ref0657"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_SleepObfLoader.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_SleepObfLoader.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "84b3bc58ec04ab272544d31f5e573c0dd7812b56df4fa445194e7466f280e16d"
 logic_hash = "c0bc1b7ef71c1a91fc487f904315c6f187530ab39825f90f55ac36625d5b93cf"
 score = 75
@@ -105261,8 +105465,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_2Aef46A6 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L1-L18"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L1-L18"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "d2c88774eb5227cf2d133644c648ebe5ba40c7e0acb2b432bc6a1a9da10bfb3f"
 score = 75
 quality = 73
@@ -105289,8 +105493,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_A6572D63 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L20-L38"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L20-L38"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2ff33adb421a166895c3816d506a63dff4e1e8fa91f2ac8fb763dc6e8df59d6e"
 logic_hash = "237392fe51c8528cb5ed446facfcd3535b8e1d594d77a542361873bd52426fa7"
 score = 75
@@ -105318,8 +105522,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_E41143E1 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L40-L57"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L40-L57"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "4564bf2019ff5086071ff147c9cf1e16b8627ce5d70cbe8370aecbd518d94b57"
 score = 75
 quality = 75
@@ -105346,8 +105550,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_0Eb147Ca : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L59-L77"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L59-L77"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b"
 logic_hash = "b20479af0767e5e8579489b5298648b9cc84b3e0778f58d8dc9deb252d0f4806"
 score = 75
@@ -105375,8 +105579,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_884Cab60 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L79-L96"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L79-L96"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "139c5c1c3816047b595deb6a8873b2964e91393642b93536cd102af9a6033e7c"
 score = 75
 quality = 75
@@ -105403,8 +105607,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Ba961Ed2 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L98-L116"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L98-L116"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b"
 logic_hash = "5b486c698c9c61dc126be5dbeea862b1f9bb5a6859c02a0fff125a9890147a6b"
 score = 75
@@ -105432,8 +105636,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_2084099A : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L118-L135"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L118-L135"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "6674be1438ec290550c9586afda335755279a4aedadde455ffc0b41d1a0e634d"
 score = 75
 quality = 75
@@ -105460,8 +105664,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_61C88137 : FILE MEMORY
 date = "2022-09-12"
 modified = "2022-10-18"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L137-L155"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L137-L155"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "479ef38fa00bb13a3aa8448aa4a4434613c6729975e193eec29fc5047f339111"
 logic_hash = "e999355606ee7389be160ce3e96c6a62d7f9132b95cfec7d9f8b1a670551e6b8"
 score = 75
@@ -105489,8 +105693,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Debb98A1 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L157-L175" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L157-L175" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "494f549e3dd144e8bcb230dd7b3faa8ff5107d86d9548b21b619a0318e362cad" logic_hash = "c2e43818fcf18d34a6a3611aaaafde31d96b41867d15dfdb1dec20203f5907eb" score = 75 @@ -105518,8 +105722,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_1D6E10Fd : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L177-L195" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L177-L195" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "4c7851316f01ae84ee64165be3ba910ab9b415d7f0e2f5b7e5c5a0eaefa3c287" logic_hash = "01ec1af1ca03173e867113c3bec7911990a0c8c2d9f19b5233715a7f7490f5f1" score = 75 
@@ -105547,8 +105751,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_E3Ffbbcc : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L197-L215" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L197-L215" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "28b7ddf2548411910af033b41982cdc74efd8a6ef059a54fda1b6cbd59faa8f6" logic_hash = "54711c2d3e6d73cf4358ba4a65cb19d996adcfa905c0089a18a61fe841fe9a34" score = 75 @@ -105576,8 +105780,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_30F3B4D4 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L217-L235" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L217-L235" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "5b15d43d3535965ec9b84334cf9def0e8c3d064ffc022f6890320cd6045175bc" logic_hash = "99efc257ff2afb779304451bd9f6f6ce9e88f54954189601ed10e95e2268dd4f" score = 75 
@@ -105605,8 +105809,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Ca75589C : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L237-L255" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L237-L255" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "0448c1b2c7c738404ba11ff4b38cdc8f865ccf1e202f6711345da53ce46e7e16" logic_hash = "c717e6f85a5b30514803ba43c85d82e2aaa4533b7f74db5345df83d1cc4c6551" score = 75 @@ -105634,8 +105838,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_7909Cdd2 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L257-L275" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L257-L275" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "0a4a5874f43adbe71da88dc0ef124f1bf2f4e70d0b1b5461b2788587445f79d9" logic_hash = "4b2557ab78d22ae4f46e5813ba5dc4663cd92b945a1add3155f77d3030ccc92d" score = 75 
@@ -105663,8 +105867,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_2522D611 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L277-L295" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L277-L295" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "0c2be53e298c285db8b028f563e97bf1cdced0c4564a34e740289b340db2aac1" logic_hash = "59f2552809bc48e16719cb9b4d2a7b99999307803fce031ca39eb24e14b88908" score = 75 @@ -105692,8 +105896,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_56Bd04D3 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L297-L315" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L297-L315" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "0d2ce3891851808fb36779a348a83bf4aa9de1a2b2684fd0692434682afac5ec" logic_hash = "47a33fcd69dd78cbc6c3274aeaa8dddabe119ae65b59077e1807657b8a67fed3" score = 75 
@@ -105721,8 +105925,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_F412E4B4 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L317-L335" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L317-L335" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "0e3a3f7973f747fcb23c72289116659c7f158c604d937d6ca7302fbab71851e9" logic_hash = "b4e1b193e80aa88b91255df3a5f2e45de7f23fdba4a28d3ceb12db63098e70e5" score = 75 @@ -105750,8 +105954,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_71F8E26C : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L337-L355" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L337-L355" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "13f873f83b84a0d38eb3437102f174f24a0ad3c5a53b83f0ee51c62c29fb1465" logic_hash = "f9f2f22acd4f52cc313e3ecf425604651e0b8c78e33480d4d05bae5b8c9661fb" score = 75 
@@ -105779,8 +105983,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_1A562D3B : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L357-L375" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L357-L375" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "15731db615b32c49c34f41fe84944eeaf2fc79dafaaa9ad6bf1b07d26482f055" logic_hash = "8d3b369bdcecd675f99cedf26dba202256555be0f5feae612404f9b5e109fa93" score = 75 @@ -105808,8 +106012,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_410256Ac : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L377-L395" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L377-L395" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "15f44e10ece90dec1a6104d5be1effefa17614d9f0cfb2784305dab85367b741" logic_hash = "88227af6d2f365b761961bdf4b94bed81bca79e23d546e69900faa17c3e4dc71" score = 75 
@@ -105837,8 +106041,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_93Fa87F1 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L397-L415" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L397-L415" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "165b4a28fd6335d4e4dfefb6c40f41f16d8c7d9ab0941ccd23e36cda931f715e" logic_hash = "2a1e797d4dd2599b5c67e73e3c909a1803e604edf0b6ba228713ee375ccc9b16" score = 75 @@ -105866,8 +106070,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_8677Dca3 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L417-L435" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L417-L435" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "23813dc4aa56683e1426e5823adc3aab854469c9c0f3ec1a3fad40fa906929f2" logic_hash = "9902758dfb61e8b60b281f3f51cda8a10d58eb0cc20743f97998d7bcf120c299" score = 75 
@@ -105895,8 +106099,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Ebce4304 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L437-L455" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L437-L455" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "2e06caf864595f2df7f6936bb1ccaa1e0cae325aee8659ee283b2857e6ef1e5b" logic_hash = "42fbfc2c2636c2e3a5da5e51c6bf99f6114ec7d00b88371a34e1fdbe81d1264a" score = 75 @@ -105924,8 +106128,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_073E6161 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L457-L475" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L457-L475" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "2e06caf864595f2df7f6936bb1ccaa1e0cae325aee8659ee283b2857e6ef1e5b" logic_hash = "2c98058add77c55ab68491eec041d7670f726a9ec93258ae7bb8f0e6721b4ca3" score = 75 
@@ -105953,8 +106157,8 @@ rule ELASTIC_Linux_Trojan_Xorddos_Bef22375 : FILE MEMORY date = "2022-09-12" modified = "2022-10-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xorddos.yar#L477-L495" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xorddos.yar#L477-L495" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f47baf48deb71910716beab9da1b1e24dc6de9575963e238735b6bcedfe73122" logic_hash = "3991ebdb310338516d5fdd137ba2ac63dc870337785a31d59dcad49135f190e5" score = 75 @@ -105982,8 +106186,8 @@ rule ELASTIC_Linux_Trojan_Backconnect_C6803B39 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Backconnect.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Backconnect.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "a5e6b084cdabe9a4557b5ff8b2313db6c3bb4ba424d107474024030115eeaa0f" logic_hash = "02750b2788c2912bba0fc8594f6a12c75ce1f41d1075acf7c920f6e616ab65c7" score = 75 
@@ -106011,8 +106215,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_03C81Bd9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Lotoor.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Lotoor.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "3fc701a2caab0297112501f55eaeb05264c5e4099c411dcadc7095627e19837a" logic_hash = "dc2dfa128f509221cae8bae9864190e8316bb7a5ae081da1076081b5f4fdc870" score = 75 @@ -106040,8 +106244,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_757637D9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Lotoor.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Lotoor.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "0762fa4e0d74e3c21b2afc8e4c28e2292d1c3de3683c46b5b77f0f9fe1faeec7" logic_hash = "b1f1784aae5958740d03ca50d0b9731e8db7d86d918d16e82cf6fc1e1bf663a9" score = 75 
@@ -106069,8 +106273,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_78543893 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Lotoor.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Lotoor.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "ff5b02d2b4dfa9c3d53e7218533f3c57e82315be8f62aa17e26eda55a3b53479" logic_hash = "4bb6a6e063fd00569b04f4514ec1731357aa8e8ce4cfee354fdd86773a4358da" score = 75 @@ -106098,8 +106302,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_4F8D83D2 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Lotoor.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Lotoor.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "d78128eca706557eeab8a454cf875362a097459347ddc32118f71bd6c73d5bbd" logic_hash = "6fee488d97fe1d4be558b6886c603010c6d1423a750783b38a65d2fb3eeb76f4" score = 75 
@@ -106127,8 +106331,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_F4Afd230 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Lotoor.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Lotoor.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "805e900ffc9edb9f550dcbc938a3b06d28e9e7d3fb604ff68a311a0accbcd2b1" logic_hash = "9aba4ebbf946f07071bfb94fa50c6981ae8c659aca9ee6e05c7ef214432d7466" score = 75 @@ -106156,8 +106360,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_Bb384Bc9 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Lotoor.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Lotoor.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "ecc6635117b99419255af5d292a7af3887b06d5f3b0f59d158281eebfe606445" logic_hash = "1e9faba4f245d8b0d6944430286a5fc3e11cd7e036a4151b29fc2c5f037894fb" score = 75 
@@ -106185,8 +106389,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_B293F6Ec : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Lotoor.yar#L121-L139" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Lotoor.yar#L121-L139" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "d1fa8520d3c3811d29c3d5702e7e0e7296b3faef0553835c495223a2bc015214" logic_hash = "0e310082714f5283f9b4ccde5a8e17994e3bc4acf3d744b22734c136dde7cebb" score = 75 @@ -106214,8 +106418,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_C5983669 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Lotoor.yar#L141-L159" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Lotoor.yar#L141-L159" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "d08be92a484991afae3567256b6cec60a53400e0e9b6f6b4d5c416a22ccca1cf" logic_hash = "ff673070969f1ededf8ff2c7cadfc251c7d2e52da58906b15cfc04593a755d55" score = 75 
@@ -106243,8 +106447,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_Fbff22Da : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Lotoor.yar#L161-L179" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Lotoor.yar#L161-L179" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "0762fa4e0d74e3c21b2afc8e4c28e2292d1c3de3683c46b5b77f0f9fe1faeec7" logic_hash = "d3e3037593f5714dfb49c6e19631fd46331e2702c8bf6d6099bb5b34158321a9" score = 75 @@ -106272,8 +106476,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_E2D5Fad8 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Lotoor.yar#L181-L199" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Lotoor.yar#L181-L199" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "7e54e57db3de32555c15e529c04b35f52d75af630e45b5f8d6c21149866b6929" logic_hash = "b294ce1c4d928d73342bb6260456d850f9c59f3c48c7c4ffbce32ea9238f6eee" score = 75 
@@ -106301,8 +106505,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_F2F8Eb6B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Lotoor.yar#L201-L219" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Lotoor.yar#L201-L219" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "01721b9c024ca943f42c402a57f45bd4c77203a604c5c2cd26e5670df76a95b2" logic_hash = "b6555e69b663591550976fd44352ecbdf0a0aef1e07a64396a576125a4fe4ba6" score = 75 @@ -106330,8 +106534,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_89671B03 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Lotoor.yar#L241-L259" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Lotoor.yar#L241-L259" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "001098473574cfac1edaca9f1180ab2005569e094be63186c45b48c18f880cf8" logic_hash = "dfa7027c4fa0cbde33df87063fea4ecf51a085f3cc1805123c62747882d0a07e" score = 75 
@@ -106359,8 +106563,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_Dbc73Db0 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Lotoor.yar#L261-L279" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Lotoor.yar#L261-L279" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "9fe78e4dd7975856a74d8dfd83e69793a769143e0fe6994cbc3ef28ea37d6cf8" logic_hash = "4a7453342fd72dacb781919d3fac3bab02e7ef7c882d5938a2e0e1274c704705" score = 75 @@ -106388,8 +106592,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_Ec339160 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Lotoor.yar#L281-L299" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Lotoor.yar#L281-L299" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "0002b469972f5c77a29e2a2719186059a3e96a6f4b1ef2d18a68fee3205ea0ba" logic_hash = "9c1d1254093b172798024c42a6d78f5e6720d20b8c2a8ad4ca26c8e88e42f0e8" score = 75 
@@ -106417,8 +106621,8 @@ rule ELASTIC_Linux_Exploit_Lotoor_7Cd57E18 : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_Lotoor.yar#L301-L319" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_Lotoor.yar#L301-L319" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "1eecf16dae302ae788d1bc81278139cd9f6af52d7bed48b8677b35ba5eb14e30" logic_hash = "97604cdc9daa9993b9a18dc5df7ab105a5e6001129bcfcfeeb86640bee26f59d" score = 75 @@ -106446,8 +106650,8 @@ rule ELASTIC_Linux_Exploit_CVE_2018_10561_0F246E33 : FILE MEMORY CVE_2018_10561 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2018_10561.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2018_10561.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "eac08c105495e6fadd8651d2e9e650b6feba601ec78f537b17fb0e73f2973a1c" logic_hash = "2c3785ddfded7128e983f3ec17a9f77c856d903f07e325b08f9f463950576ebe" score = 75 
@@ -106475,8 +106679,8 @@ rule ELASTIC_Linux_Trojan_Mettle_E8Fdbcbd : FILE MEMORY date = "2024-05-06" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mettle.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mettle.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "864eae4f27648b8a9d9b0eb1894169aa739311cdd02b1435a34881acf7059d58" logic_hash = "d13c1e7fb815ebbefa78922e9b85a1ced015c03b8f1b2cf1885a9c483b8e0ab3" score = 75 @@ -106508,8 +106712,8 @@ rule ELASTIC_Linux_Trojan_Mettle_813B9B6C : FILE MEMORY date = "2024-05-06" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mettle.yar#L25-L52" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mettle.yar#L25-L52" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "bb651d974ca3f349858db7b5a86f03a8d47d668294f27e709a823fa11e6963d7" logic_hash = "a6a9cf424bf1ca7985e1c4b14123ed236208ffa3f7c9ffebbdd85765a90bfa54" score = 75 
@@ -106546,8 +106750,8 @@ rule ELASTIC_Linux_Trojan_Mettle_78Aead1C : FILE MEMORY date = "2024-05-06" modified = "2024-05-21" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Mettle.yar#L54-L81" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Mettle.yar#L54-L81" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "864eae4f27648b8a9d9b0eb1894169aa739311cdd02b1435a34881acf7059d58" logic_hash = "d68d37379b8a3a2d242030fd14884781488e9785823aa25fedfdd406748f8039" score = 75 @@ -106584,8 +106788,8 @@ rule ELASTIC_Linux_Trojan_Gognt_50C3D9Da : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gognt.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gognt.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "79602bc786edda7017c5f576814b683fba41e4cb4cf3f837e963c6d0d42c50ee" logic_hash = "ecd9cd94b3bf8c50c347e70aab3da03ea6589530b20941a9f62dac501f8144fc" score = 75 
@@ -106613,8 +106817,8 @@ rule ELASTIC_Linux_Trojan_Gognt_05B10F4B : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Gognt.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Gognt.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "e43aaf2345dbb5c303d5a5e53cd2e2e84338d12f69ad809865f20fd1a5c2716f" logic_hash = "1dfc3417f75aa81aea5eda3d6da076f1cacf82dbfc039252b1d16f52b81a5a65" score = 75 @@ -106642,8 +106846,8 @@ rule ELASTIC_Linux_Ransomware_Sfile_9E347B52 : FILE MEMORY date = "2023-07-29" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_SFile.yar#L1-L20" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_SFile.yar#L1-L20" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "49473adedc4ee9b1252f120ad8a69e165dc62eabfa794370408ae055ec65db9d" logic_hash = "394571fd5746132d15da97428c3afc149435d91d5432eadf1c838d4a6433c7c1" score = 75 
@@ -106672,8 +106876,8 @@ rule ELASTIC_Windows_Trojan_Xtremerat_Cd5B60Be : FILE MEMORY date = "2022-03-15" modified = "2022-04-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_XtremeRAT.yar#L1-L28" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_XtremeRAT.yar#L1-L28" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "735f7bf255bdc5ce8e69259c8e24164e5364aeac3ee78782b7b5275c1d793da8" logic_hash = "a6997ae4842bd45c440925ef2a5848b57c58e2373c0971ce6b328ea297ee97b4" score = 75 @@ -106710,8 +106914,8 @@ rule ELASTIC_Windows_Ransomware_Maui_266Dea64 : FILE MEMORY date = "2022-07-08" modified = "2022-07-18" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Maui.yar#L1-L29" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Maui.yar#L1-L29" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "5b7ecf7e9d0715f1122baf4ce745c5fcd769dee48150616753fec4d6da16e99e" logic_hash = "2094920615b6297adb222003d25a8d0934a89f24869e7e70644a4956021c7afc" score = 75 
@@ -106749,8 +106953,8 @@ rule ELASTIC_Linux_Exploit_CVE_2014_3153_1C1E02Ad : FILE MEMORY CVE_2014_3153 date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2014_3153.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2014_3153.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "64b8c61b73f0c0c0bd44ea5c2bcfb7b665fcca219dbe074a4a16ae20cd565812" logic_hash = "42e9de7f306343c4c3e7fd02b414b429faacb837fb2910f98f0c1519da40074c" score = 75 @@ -106778,8 +106982,8 @@ rule ELASTIC_Linux_Downloader_Generic_0Bd15Ae0 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Downloader_Generic.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Downloader_Generic.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "e511efb068e76a4a939c2ce2f2f0a089ef55ca56ee5f2ba922828d23e6181f09" logic_hash = "c9558562d9e9d3b55bd1fba9e55b332e6b4db5a170e0dd349bef1e35f0c7fd21" score = 75 
@@ -106807,8 +107011,8 @@ rule ELASTIC_Linux_Trojan_Xzbackdoor_74E87A9D : FILE MEMORY date = "2024-03-30" modified = "2024-04-03" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_XZBackdoor.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_XZBackdoor.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "5448850cdc3a7ae41ff53b433c2adbd0ff492515012412ee63a40d2685db3049" logic_hash = "c777171c36d9369ade7bf44c7cc4e5aee16bb4c803431bc480cc0f8ebb2819c0" score = 75 @@ -106840,8 +107044,8 @@ rule ELASTIC_Macos_Trojan_Hloader_A3945Baf : FILE MEMORY date = "2023-10-23" modified = "2023-10-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_HLoader.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_HLoader.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "2360a69e5fd7217e977123c81d3dbb60bf4763a9dae6949bc1900234f7762df1" logic_hash = "0383485b6bbcdae210a6c949f6796023b2f7ec3f1edbd2116207fc2b75a67849" score = 75 
@@ -106871,8 +107075,8 @@ rule ELASTIC_Windows_Vulndriver_Arpot_09C714C5 : FILE date = "2022-04-27" modified = "2022-05-03" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_ArPot.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_ArPot.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "4b5229b3250c8c08b98cb710d6c056144271de099a57ae09f5d2097fc41bd4f1" logic_hash = "e5f972ad9a31aefbd20237e6ea3dd19a025c2e3487fa080e9f9b8acf1e3f58e6" score = 75 @@ -106902,8 +107106,8 @@ rule ELASTIC_Linux_Trojan_Snessik_D166F98C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Snessik.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Snessik.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f3ececc2edfff2f92d80ed3a5140af55b6bebf7cae8642a0d46843162eeddddd" logic_hash = "44f15a87d48338aafa408d4bcabef844c8864cd95640ad99208b5035e28ccd27" score = 75 
@@ -106931,8 +107135,8 @@ rule ELASTIC_Linux_Trojan_Snessik_E435A79C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Snessik.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Snessik.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "e24749b07f824a4839b462ec4e086a4064b29069e7224c24564e2ad7028d5d60" logic_hash = "4850530a0566844447f56f4e5cb43c5982b1dcb784bb1aef3e377525b8651ed3" score = 75 @@ -106960,8 +107164,8 @@ rule ELASTIC_Linux_Trojan_Ipstorm_3C43D4A7 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ipstorm.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ipstorm.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "5103133574615fb49f6a94607540644689be017740d17005bc08b26be9485aa7" logic_hash = "c7e9191312197f8925d7231d0b8badf8b5ca35685df909c0d1feb301b4385d7b" score = 75 
@@ -106989,8 +107193,8 @@ rule ELASTIC_Linux_Trojan_Ipstorm_F9269F00 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ipstorm.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ipstorm.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "5103133574615fb49f6a94607540644689be017740d17005bc08b26be9485aa7" logic_hash = "5914d222b49aaf6c1040e48ffd93c04bd5df25f1d97bde79b034862fca6555f6" score = 75 @@ -107018,8 +107222,8 @@ rule ELASTIC_Linux_Trojan_Ipstorm_08Bcf61C : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ipstorm.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ipstorm.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "503f293d84de4f2c826f81a68180ad869e0d1448ea6c0dbf09a7b23801e1a9b9" logic_hash = "fb2755c04b61d19788a92b8c9c1c9eb2552b62b27011e302840fdcf689b3d9b4" score = 75 
@@ -107047,8 +107251,8 @@ rule ELASTIC_Windows_Trojan_Octopus_15813E26 : FILE MEMORY date = "2021-11-10" modified = "2022-01-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Octopus.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Octopus.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "0d30b96ead4ccba75e08f6ba1db73cee61a29b5b0c7ee0fb523cbcd61dce9d87" score = 75 quality = 75 @@ -107076,8 +107280,8 @@ rule ELASTIC_Windows_Ransomware_Maze_61254061 : BETA FILE MEMORY date = "2020-04-18" modified = "2021-08-23" reference = "https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Maze.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Maze.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "b8537add953cdd7bc6adbff97f7f5a94de028709f0bd71102ee96d26d55f4f20" score = 75 quality = 75 
@@ -107106,8 +107310,8 @@ rule ELASTIC_Windows_Ransomware_Maze_46F40C40 : BETA FILE MEMORY date = "2020-04-18" modified = "2021-10-04" reference = "https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Maze.yar#L23-L44" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Maze.yar#L23-L44" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "99180f41aaaf1dfb0a8a40709dcc392fdbc2b2d3a4d4b4a1ab160dd5f2b4c703" score = 75 quality = 75 @@ -107137,8 +107341,8 @@ rule ELASTIC_Windows_Ransomware_Maze_20Caee5B : BETA FILE MEMORY date = "2020-04-18" modified = "2021-08-23" reference = "https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Maze.yar#L46-L71" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Maze.yar#L46-L71" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "e09c059b285d2176aeba1a1f70d39f13cef4e05dc023c7db25fb9d92bd9a67d9" score = 75 quality = 75 
@@ -107172,8 +107376,8 @@ rule ELASTIC_Windows_Ransomware_Maze_F88F136F : BETA FILE MEMORY date = "2020-04-18" modified = "2021-08-23" reference = "https://www.bleepingcomputer.com/news/security/it-services-giant-cognizant-suffers-maze-ransomware-cyber-attack/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Ransomware_Maze.yar#L73-L94" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Ransomware_Maze.yar#L73-L94" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "5587f332a076650f6ad7b1e3b464ef6085d960e6dacf53607cf75c9f9ad07628" score = 75 quality = 75 @@ -107203,8 +107407,8 @@ rule ELASTIC_Windows_Hacktool_Gmer_8Aabdd5E : FILE date = "2022-04-04" modified = "2022-04-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_Gmer.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_Gmer.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7" logic_hash = "acdab89a7703a743927cec60fbc84af2fd469403bee6f211c865fb96e9c92498" score = 75 
@@ -107232,8 +107436,8 @@ rule ELASTIC_Linux_Hacktool_Infectionmonkey_6C84537B : FILE MEMORY date = "2022-01-05" modified = "2022-01-26" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Hacktool_Infectionmonkey.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Hacktool_Infectionmonkey.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "d941943046db48cf0eb7f11e144a79749848ae6b50014833c5390936e829f6c3" logic_hash = "24cb368040fffe2743d0361a955d45a62a95a31c1744f3de15089169e365bb89" score = 75 @@ -107261,8 +107465,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_A6E956C9 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Metasploit.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Metasploit.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "fb4e3e54618075d5ef6ec98d1ba9c332ce9f677f0879e07b34a2ca08b2180dd9" score = 75 quality = 75 
@@ -107290,8 +107494,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_38B8Ceec : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Metasploit.yar#L21-L39" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Metasploit.yar#L21-L39" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "8e3bc02661cedb9885467373f8120542bb7fc8b0944803bc01642fbc8426298b" score = 75 quality = 75 @@ -107319,8 +107523,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_7Bc0F998 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Metasploit.yar#L41-L59" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Metasploit.yar#L41-L59" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "29cb48086dbcd48bd83c5042ed78370e127e1ea5170ee7383b88659b31e896b5" score = 75 quality = 75 
@@ -107348,8 +107552,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_F7F826B4 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Metasploit.yar#L61-L79" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Metasploit.yar#L61-L79" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "2f5264e07c65d5ef4efe49a48c24ccef9a4b9379db581d2cf18e1131982e6f2f" score = 75 quality = 75 @@ -107377,8 +107581,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_24338919 : FILE MEMORY date = "2021-03-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Metasploit.yar#L81-L99" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Metasploit.yar#L81-L99" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "af8cceebdebca863019860afca5d7c6400b68c8450bc17b7d7b74aeab2d62d16" score = 75 quality = 75 
@@ -107406,8 +107610,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_0F5A852D : FILE MEMORY date = "2021-04-07" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Metasploit.yar#L101-L119" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Metasploit.yar#L101-L119" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "11cddf2191a2f70222a0c8c591e387b4b5667bc432a2f686629def9252361c1d" score = 75 quality = 75 @@ -107435,8 +107639,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_C9773203 : FILE MEMORY date = "2021-04-07" modified = "2021-08-23" reference = "https://github.com/rapid7/metasploit-framework/blob/04e8752b9b74cbaad7cb0ea6129c90e3172580a2/external/source/shellcode/windows/x64/src/block/block_api.asm" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Metasploit.yar#L121-L140" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Metasploit.yar#L121-L140" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "1d6503ccf05b8e8b4368ed0fb2e57aa2be94151ce7e2445b5face7b226a118e9" score = 75 quality = 75 
@@ -107464,8 +107668,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_Dd5Ce989 : FILE MEMORY date = "2021-04-14" modified = "2021-08-23" reference = "https://www.rapid7.com/blog/post/2015/03/25/stageless-meterpreter-payloads/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Metasploit.yar#L142-L164" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Metasploit.yar#L142-L164" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "86cf98bf854b01a55e3f306597437900e11d429ac6b7781e090eeda3a5acb360" logic_hash = "5c094979be1cd347ffee944816b819b6fbb62804b183a6120cd3a93d2759155b" score = 75 @@ -107496,8 +107700,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_96233B6B : FILE MEMORY date = "2021-06-10" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Metasploit.yar#L166-L185" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Metasploit.yar#L166-L185" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "e7a2d966deea3a2df6ce1aeafa8c2caa753824215a8368e0a96b394fb46b753b" logic_hash = "09a2b9414a126367df65322966b671fe7ea963cd65ef48e316c9d139ee502d31" score = 75 
@@ -107526,8 +107730,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_4A1C4Da8 : FILE MEMORY date = "2021-06-10" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Metasploit.yar#L187-L206" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Metasploit.yar#L187-L206" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "9582d37ed9de522472abe615dedef69282a40cfd58185813c1215249c24bbf22" logic_hash = "9d3a3164ed1019dcb557cf20734a81be9964a555ddb2e0104f7202880b2ed177" score = 75 @@ -107556,8 +107760,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_91Bc5D7D : FILE MEMORY date = "2021-08-02" modified = "2021-10-04" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Metasploit.yar#L208-L226" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Metasploit.yar#L208-L226" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "0dd993ff3917dc56ef02324375165f0d66506c5a9b9548eda57c58e041030987" logic_hash = "74154902b03c36a4ee9bc54ae9399bae9e6afb7fe8d0fe232b88250afc368d6f" score = 75 
@@ -107585,8 +107789,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_A91A6571 : FILE MEMORY date = "2022-06-08" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Metasploit.yar#L228-L246" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Metasploit.yar#L228-L246" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "ff7795edff95a45b15b03d698cbdf70c19bc452daf4e2d5e86b2bbac55494472" logic_hash = "cc59320ba9f8907d1d9b9dc120d8b4807b419e49c55be1fd5d2cdbb0c5d4e5cc" score = 75 @@ -107614,8 +107818,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_B29Fe355 : FILE MEMORY date = "2022-06-08" modified = "2022-09-29" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Metasploit.yar#L248-L268" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Metasploit.yar#L248-L268" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "4f0ab4e42e6c10bc9e4a699d8d8819b04c17ed1917047f770dc6980a0a378a68" logic_hash = "7a2189b59175acb66a7497c692a43c413a476f5c4371f797bf03a8ddb550992c" score = 75 
@@ -107645,8 +107849,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_66140F58 : FILE MEMORY
 date = "2022-08-15"
 modified = "2022-09-29"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Metasploit.yar#L270-L288"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Metasploit.yar#L270-L288"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "01a0c5630fbbfc7043d21a789440fa9dadc6e4f79640b370f1a21c6ebf6a710a"
 logic_hash = "0a855b7296f7cea39cc5d57b239d3906133ea43a0811ec60e4d91765cf89aced"
 score = 75
@@ -107674,8 +107878,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_2092C42A : FILE MEMORY
 date = "2023-05-09"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Metasploit.yar#L290-L309"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Metasploit.yar#L290-L309"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "e47d88c11a89dcc84257841de0c9f1ec388698006f55a0e15567354b33f07d3c"
 logic_hash = "83c46c6b957f10d406ea9985c518eb2fba3e82b9023bfdefa8bdd4be7fb67826"
 score = 75
@@ -107704,8 +107908,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_46E1C247 : FILE MEMORY
 date = "2023-05-10"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Metasploit.yar#L311-L330"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Metasploit.yar#L311-L330"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ef70e1faa3b1f40d92b0a161c96e13c96c43ec6651e7c87ee3977ed07b950bab"
 logic_hash = "760a4e28e312a7d744208dc833ffad8d139ce7c536b407625a7fb0dff5ddb1d1"
 score = 75
@@ -107734,8 +107938,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_B62Aac1E : FILE MEMORY
 date = "2023-05-10"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Metasploit.yar#L332-L351"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Metasploit.yar#L332-L351"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "af9af81f7e46217330b447900f80c9ce38171655becb3b63e51f913b95c71e70"
 logic_hash = "3ef6b7fb258b060ae00b060dbf9b07620f8cda0d9a827985bbb3ed9617969ef6"
 score = 75
@@ -107764,8 +107968,8 @@ rule ELASTIC_Windows_Trojan_Metasploit_47F5D54A : FILE MEMORY
 date = "2023-11-13"
 modified = "2024-01-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Metasploit.yar#L353-L372"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Metasploit.yar#L353-L372"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "bc3754cf4a04491a7ad7a75f69dd3bb2ddf0d8592ce078b740d7c9c7bc85a7e1"
 logic_hash = "be080d0aae457348c4a02c204507a8cb14d1728d1bc50d7cf12b577aa06daf9f"
 score = 75
@@ -107794,8 +107998,8 @@ rule ELASTIC_Windows_Exploit_Generic_E95Cc41C : FILE
 date = "2024-02-28"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Exploit_Generic.yar#L1-L32"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Exploit_Generic.yar#L1-L32"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4cce9e39c376f67c16df3bcd69efd9b7472c3b478e2e5ef347e1410f1105c38d"
 logic_hash = "9b620988a6ee84ed0cbb0fb0a3cca633fffc8e6369ed45455e9e1e6c021ea461"
 score = 75
@@ -107836,8 +108040,8 @@ rule ELASTIC_Windows_Exploit_Generic_008359Cf : FILE
 date = "2024-02-28"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Exploit_Generic.yar#L34-L57"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Exploit_Generic.yar#L34-L57"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "73225a3a54560965f4c4fae73f7ee234e31217bc06ff8ba1d0b36ebab5e76a87"
 logic_hash = "9514241b5573c8d01ccd012195e29aefc3ef8a12eb982e6dd9ec66b00c064bd8"
 score = 75
@@ -107870,8 +108074,8 @@ rule ELASTIC_Windows_Exploit_Generic_8C54846D : FILE
 date = "2024-02-29"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Exploit_Generic.yar#L59-L87"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Exploit_Generic.yar#L59-L87"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "b6ea4815a38e606d4a2d6e6d711e610afec084db6899b7d6fc874491dd939495"
 logic_hash = "0662c8edb449e15b16be3e53a88cf62af46b4a656c1a49b399e131c2ad71b55a"
 score = 75
@@ -107909,8 +108113,8 @@ rule ELASTIC_Windows_Trojan_Darkvnc_Bd803C2E : FILE MEMORY
 date = "2023-01-23"
 modified = "2023-02-01"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_DarkVNC.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_DarkVNC.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0fcc1b02fdaf211c772bd4fa1abcdeb5338d95911c226a9250200ff7f8e45601"
 logic_hash = "d9e8a42a424d6a186939682e1cd2ed794c8a3765824188e863b1b2829650e2d5"
 score = 75
@@ -107942,8 +108146,8 @@ rule ELASTIC_Multi_Generic_Threat_19854Dc2 : FILE MEMORY
 date = "2024-02-21"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Multi_Generic_Threat.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Multi_Generic_Threat.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "be216fa9cbf0b64d769d1e8ecddcfc3319c7ca8e610e438dcdfefc491730d208"
 logic_hash = "beed6d6cd7b7b6eb3f4ab6a45fd19f2ebfb661e470d468691b68634994e2eef7"
 score = 75
@@ -107971,8 +108175,8 @@ rule ELASTIC_Windows_Trojan_Pandastealer_8B333E76 : FILE MEMORY
 date = "2021-09-02"
 modified = "2022-01-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Pandastealer.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Pandastealer.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "ec346bd56be375b695b4bc76720959fa07d1357ffc3783eb61de9b8d91b3d935"
 logic_hash = "5878799338fc18bac0f946faeadd59c921dee32c9391fc12d22c72c0cd6733a8"
 score = 75
@@ -108004,8 +108208,8 @@ rule ELASTIC_Linux_Trojan_Skidmap_Aa7B661D : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Skidmap.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Skidmap.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4282ba9b7bee69d42bfff129fff45494fb8f7db0e1897fc5aa1e4265cb6831d9"
 logic_hash = "aa976158d004d582234a92ff648d4581440f9c933a0abef212d9d837d9607ba4"
 score = 75
@@ -108033,8 +108237,8 @@ rule ELASTIC_Linux_Trojan_Orbit_57C23178 : FILE MEMORY
 date = "2022-07-20"
 modified = "2022-08-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Orbit.yar#L1-L40"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Orbit.yar#L1-L40"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "40b5127c8cf9d6bec4dbeb61ba766a95c7b2d0cafafcb82ede5a3a679a3e3020"
 logic_hash = "25b29e874ea9d400662418ddbb1c995a5a5b49f8ba6f51f59f7aa57cdda74054"
 score = 75
@@ -108083,8 +108287,8 @@ rule ELASTIC_Linux_Trojan_Ircbot_Bb204B81 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ircbot.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ircbot.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "6147481d083c707dc98905a1286827a6e7009e08490e7d7c280ed5a6356527ad"
 logic_hash = "90d211c11281f5f8832210f3fc087fe5ff5a519b9b38628835e8b5fcc560bd9b"
 score = 75
@@ -108112,8 +108316,8 @@ rule ELASTIC_Linux_Trojan_Ircbot_7C60454D : FILE MEMORY
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Ircbot.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Ircbot.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "14eeff3516de6d2cb11d6ada4026e3dcee1402940e3a0fb4fa224a5c030049d8"
 logic_hash = "90dcd0a3d3f6345e66db0a4f8465e3830eb4e3bcb675db16c60a89e20f935aec"
 score = 75
@@ -108141,8 +108345,8 @@ rule ELASTIC_Linux_Trojan_Xhide_7F0A131B : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xhide.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xhide.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0dc35f1a1fe1c59e454cd5645f3a6220b7d85661437253a3e627eed04eca2560"
 logic_hash = "4843042576d1f4f37b5a7cda1b261831030d9145c49b57e9b4c66e2658cc8cf9"
 score = 75
@@ -108170,8 +108374,8 @@ rule ELASTIC_Linux_Trojan_Xhide_Cd8489F7 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xhide.yar#L21-L39"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xhide.yar#L21-L39"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0dc35f1a1fe1c59e454cd5645f3a6220b7d85661437253a3e627eed04eca2560"
 logic_hash = "34924260c811f1796ae37faec922bc21bb312ebb0672042d3ec27855f63ed61e"
 score = 75
@@ -108199,8 +108403,8 @@ rule ELASTIC_Linux_Trojan_Xhide_840B27C7 : FILE MEMORY
 date = "2021-01-12"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Xhide.yar#L41-L59"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Xhide.yar#L41-L59"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "0dc35f1a1fe1c59e454cd5645f3a6220b7d85661437253a3e627eed04eca2560"
 logic_hash = "6b0bfe69558399af6e0469a31741dcf2eb91fbe3e130267139240d3458eb8a0d"
 score = 75
@@ -108228,8 +108432,8 @@ rule ELASTIC_Windows_Vulndriver_Toshibabios_2891972A : FILE
 date = "2022-04-07"
 modified = "2022-04-07"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_VulnDriver_ToshibaBios.yar#L1-L21"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_ToshibaBios.yar#L1-L21"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "314384b40626800b1cde6fbc51ebc7d13e91398be2688c2a58354aa08d00b073"
 logic_hash = "c253181a754f421ee36ced994412672770497756848d78d557907957486e711b"
 score = 75
@@ -108259,8 +108463,8 @@ rule ELASTIC_Windows_Trojan_Darkcloud_9905Abce : FILE MEMORY
 date = "2023-05-03"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_DarkCloud.yar#L1-L20"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_DarkCloud.yar#L1-L20"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "500cb8459c19acd5a1144c4b509c14dbddec74ad623896bfe946fde1cd99a571"
 logic_hash = "27d3841d6acf87f5c9c03d643c7859d9eaf42e49ed0241b761f858c669c4e931"
 score = 75
@@ -108289,8 +108493,8 @@ rule ELASTIC_Windows_Trojan_Dustywarehouse_A6Cfc9F7 : FILE MEMORY
 date = "2023-08-25"
 modified = "2023-11-02"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_DustyWarehouse.yar#L1-L23"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_DustyWarehouse.yar#L1-L23"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "8c4de69e89dcc659d2fff52d695764f1efd7e64e0a80983ce6d0cb9eeddb806c"
 logic_hash = "2b4cd9316e2fda882c95673edecb9c82a03ef4fdcc2d2e25783644cc5dfb5bf0"
 score = 75
@@ -108322,8 +108526,8 @@ rule ELASTIC_Windows_Trojan_Dustywarehouse_3Fef514B : FILE MEMORY
 date = "2024-05-30"
 modified = "2024-06-12"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_DustyWarehouse.yar#L25-L43"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_DustyWarehouse.yar#L25-L43"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "4ad024f53595fdd380f5b5950b62595cd47ac424d2427c176a7b2dfe4e1f35f7"
 logic_hash = "865ea1e54950a465b71939a41f7a726ccddcfa9f0d777ea853926f65bca0da84"
 score = 75
@@ -108351,8 +108555,8 @@ rule ELASTIC_Linux_Exploit_CVE_2016_4557_B7E15F5E : FILE MEMORY CVE_2016_4557
 date = "2022-01-05"
 modified = "2022-01-26"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Exploit_CVE_2016_4557.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Exploit_CVE_2016_4557.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "bbed2f81104b5eb4a8475deff73b29a350dc8b0f96dcc4987d0112b993675271"
 logic_hash = "9c40233fec9607404ca4f78313e0f62922180e5ef88dbf801dd60725af61bdde"
 score = 75
@@ -108380,8 +108584,8 @@ rule ELASTIC_Linux_Trojan_Nuker_12F26779 : FILE MEMORY
 date = "2021-04-06"
 modified = "2021-09-16"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Nuker.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Nuker.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "440105a62c75dea5575a1660fe217c9104dc19fb5a9238707fe40803715392bf"
 logic_hash = "8bafbc2792bd4cacd309efd72d2d8787342685d66785ea41cb57c91519a3c545"
 score = 75
@@ -108409,8 +108613,8 @@ rule ELASTIC_Windows_Trojan_Sythe_02B2811A : FILE MEMORY
 date = "2023-05-10"
 modified = "2023-06-13"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Sythe.yar#L1-L22"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Sythe.yar#L1-L22"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "2d54a8ba40cc9a1c74db7a889bc75a38f16ae2d025268aa07851c1948daa1b4d"
 logic_hash = "ba472b35f583dd4cf125df575129d07de289d6d7dc12ecdcc518ce1eb9f18def"
 score = 75
@@ -108441,8 +108645,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_6Cab0Ec0 : FILE MEMORY
 date = "2021-09-30"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Metasploit.yar#L1-L19"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Metasploit.yar#L1-L19"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7ab5490dca314b442181f9a603252ad7985b719c8aa35ddb4c3aa4b26dcc8a42"
 logic_hash = "c19fe812b74b034bfb42c0e2ee552d879ed038e054c5870b85e7e610d3184198"
 score = 75
@@ -108470,8 +108674,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_293Bfea9 : FILE MEMORY
 date = "2021-09-30"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Metasploit.yar#L21-L42"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Metasploit.yar#L21-L42"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7ab5490dca314b442181f9a603252ad7985b719c8aa35ddb4c3aa4b26dcc8a42"
 logic_hash = "b8bd0d034a6306f99333723d77724ae53c1a189dad3fad7417f2d2fde214c24a"
 score = 75
@@ -108502,8 +108706,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_448Fa81D : FILE MEMORY
 date = "2021-09-30"
 modified = "2021-10-25"
 reference = "https://github.com/elastic/protections-artifacts/"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Metasploit.yar#L44-L64"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Metasploit.yar#L44-L64"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 hash = "7ab5490dca314b442181f9a603252ad7985b719c8aa35ddb4c3aa4b26dcc8a42"
 logic_hash = "ab0608920b9f632bad99e1358f21a88bc6048f46fca21a488a1a10b7ef1e42ae"
 score = 75
@@ -108533,8 +108737,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_768Df39D : FILE MEMORY
 date = "2021-09-30"
 modified = "2021-10-25"
 reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/shell_reverse_tcp.rb"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Metasploit.yar#L66-L85"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Metasploit.yar#L66-L85"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "140ba93d57b27325f66b36132ecaab205663e3e582818baf377e050802c8d152"
 score = 75
 quality = 75
@@ -108562,8 +108766,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_7Ce0B709 : FILE MEMORY
 date = "2021-09-30"
 modified = "2021-10-25"
 reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/shell_bind_tcp.rb"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Metasploit.yar#L87-L106"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Metasploit.yar#L87-L106"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "56fc05ece464d562ff6e56247756454c940c07b03c4a4c783b2bae4d5807247a"
 score = 75
 quality = 75
@@ -108591,8 +108795,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_F11Ccdac : FILE MEMORY
 date = "2021-09-30"
 modified = "2021-10-25"
 reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/shell_find_port.rb"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Metasploit.yar#L108-L127"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Metasploit.yar#L108-L127"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "fcf578d3e98b591b33cb6f4bec1b9e92a7e1a88f0b56f3c501f9089d2094289c"
 score = 75
 quality = 75
@@ -108620,8 +108824,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_D9B16F4C : FILE MEMORY
 date = "2021-09-30"
 modified = "2021-10-25"
 reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/vforkshell_bind_tcp.rb"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Metasploit.yar#L129-L148"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Metasploit.yar#L129-L148"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "8e082878fb52f6314ec8c725dd279447ee8a0fc403c47ffd997712adb496e7c3"
 score = 75
 quality = 75
@@ -108649,8 +108853,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_2992B917 : FILE MEMORY
 date = "2021-09-30"
 modified = "2021-10-25"
 reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x86/vforkshell_reverse_tcp.rb"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Metasploit.yar#L150-L169"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Metasploit.yar#L150-L169"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "10056ffb719092f83ad236a63ef6fa1f40568e500c042bd737575997bb67a8ec"
 score = 75
 quality = 75
@@ -108678,8 +108882,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_27D409F1 : FILE MEMORY
 date = "2021-09-30"
 modified = "2021-10-25"
 reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/singles/osx/x64/shell_bind_tcp.rb"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Metasploit.yar#L171-L190"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Metasploit.yar#L171-L190"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "b757e0ab6665a3e4846c6bbe4386e9d9a730ece00a2453933ce771aec2dd716e"
 score = 75
 quality = 75
@@ -108707,8 +108911,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_65A2394B : FILE MEMORY
 date = "2021-09-30"
 modified = "2021-10-25"
 reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/stages/osx/x86/vforkshell.rb"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Metasploit.yar#L192-L211"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Metasploit.yar#L192-L211"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "f01f671b0bf9fa53aa3383c88ba871742f0e55dbdae4278f440ed29f35eb1ca1"
 score = 75
 quality = 75
@@ -108736,8 +108940,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_C7B7A90B : FILE MEMORY
 date = "2021-09-30"
 modified = "2021-10-25"
 reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/stagers/osx/x86/reverse_tcp.rb"
- source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Metasploit.yar#L213-L232"
- license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt"
+ source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Metasploit.yar#L213-L232"
+ license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt"
 logic_hash = "d4b1f01bf8434dd69188d2ad0b376fad3a4d9c94ebe74d40f05019baf95b5496"
 score = 75
 quality = 75
@@ -108765,8 +108969,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_4Bd6Aaca : FILE MEMORY date = "2021-09-30" modified = "2021-10-25" reference = "https://github.com/rapid7/metasploit-framework/blob/master/modules/payloads/stagers/osx/x86/bind_tcp.rb" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Metasploit.yar#L234-L253" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Metasploit.yar#L234-L253" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" logic_hash = "a3de610ced90679f6fa0dcdf7890a64369c774839ea30018a7ef6fe9289d3d17" score = 75 quality = 75 @@ -108794,8 +108998,8 @@ rule ELASTIC_Macos_Trojan_Metasploit_5E5B685F : FILE MEMORY date = "2021-10-05" modified = "2021-10-25" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/MacOS_Trojan_Metasploit.yar#L255-L273" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/MacOS_Trojan_Metasploit.yar#L255-L273" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "cdf0a3c07ef1479b53d49b8f22a9f93adcedeea3b869ef954cc043e54f65c3d0" logic_hash = "003fb4f079b125f37899a2b3cb62d80edd5b3e5ccbed5bc1ea514a4a173d329d" score = 75 
@@ -108823,8 +109027,8 @@ rule ELASTIC_Windows_Trojan_Naplistener_E8F16920 : FILE MEMORY date = "2023-02-28" modified = "2023-03-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_NapListener.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_NapListener.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "6e8c5bb2dfc90bca380c6f42af7458c8b8af40b7be95fab91e7c67b0dee664c4" logic_hash = "6cb7b5051fab2b56f39b2805788b5b0838a095b41fcc623fe412b215736be5d4" score = 75 @@ -108854,8 +109058,8 @@ rule ELASTIC_Windows_Trojan_Naplistener_414180A7 : FILE MEMORY date = "2023-02-28" modified = "2023-03-20" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_NapListener.yar#L23-L46" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_NapListener.yar#L23-L46" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "6e8c5bb2dfc90bca380c6f42af7458c8b8af40b7be95fab91e7c67b0dee664c4" logic_hash = "52d3ddebdc1a8aa4bcb902273bd2d3b4f9b51f248d25e7ae1cc260a9550111f5" score = 75 
@@ -108879,6 +109083,35 @@ rule ELASTIC_Windows_Trojan_Naplistener_414180A7 : FILE MEMORY condition: 5 of them } +rule ELASTIC_Windows_Vulndriver_Windivert_25991186 : FILE MEMORY +{ + meta: + description = "Detects Windows Vulndriver Windivert (Windows.VulnDriver.WinDivert)" + author = "Elastic Security" + id = "25991186-7a44-446c-9e97-e91bb9adfd77" + date = "2024-06-20" + modified = "2024-07-02" + reference = "https://github.com/elastic/protections-artifacts/" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_VulnDriver_WinDivert.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" + hash = "8da085332782708d8767bcace5327a6ec7283c17cfb85e40b03cd2323a90ddc2" + logic_hash = "a67679bb2f23d1f6691c9ad23da1fd4c2402701ba1929c7abf078d7d95011a08" + score = 75 + quality = 75 + tags = "FILE, MEMORY" + fingerprint = "43c7f0dfe43c64d644fcb0171433a8af0f7b4c38f7601d42923762c3d882ac31" + severity = 100 + arch_context = "x86" + scan_context = "file, memory" + license = "Elastic License v2" + os = "windows" + + strings: + $original_file_name = { 4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 57 00 69 00 6E 00 44 00 69 00 76 00 65 00 72 00 74 00 2E 00 73 00 79 00 73 00 00 00 } + + condition: + int16 ( uint32(0x3C)+0x5c)==0x0001 and int16 ( uint32(0x3C)+0x18)==0x020b and $original_file_name +} rule ELASTIC_Windows_Trojan_Mylobot_A895174A : FILE MEMORY { meta: 
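Review bot: The new ELASTIC_Windows_Vulndriver_Windivert_25991186 rule matches any PE32+ image with the native subsystem whose version resource carries OriginalFilename "WinDivert.sys" — the condition only checks the optional-header magic (`0x020b`), the subsystem field (`0x0001`) and that one UTF-16 string, with no version, file-size or signature constraint, and the `hash` meta value is informational rather than part of the condition. WinDivert is a legitimate, widely redistributed packet-diversion driver, so benign installs of any build are expected to hit at `severity = 100` / `score = 75`; downstream consumers should treat this as a "vulnerable driver present" signal, not a malware verdict. Whether this repository's scoring already discounts Elastic's VulnDriver family is not visible in the diff, so it is worth confirming before the release is cut.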
@@ -108888,8 +109121,8 @@ rule ELASTIC_Windows_Trojan_Mylobot_A895174A : FILE MEMORY date = "2024-05-15" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_MyloBot.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_MyloBot.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "33831d9ad64d0f52f507f08ef81607aafa6ced58a189969af6cf57c659c982d2" logic_hash = "16f2d8eeb6c85944030a33bd250e4e8b98985a6c877a0ec3ad5a6037e7c00159" score = 75 @@ -108923,8 +109156,8 @@ rule ELASTIC_Linux_Ransomware_Ragnarlocker_9F5982B8 : FILE MEMORY date = "2023-07-27" modified = "2024-02-13" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Ransomware_RagnarLocker.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Ransomware_RagnarLocker.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "f668f74d8808f5658153ff3e6aee8653b6324ada70a4aa2034dfa20d96875836" logic_hash = "c08579dc675a709add392a0189d01e05af61034b72f451d2b024c89c1299ee6c" score = 75 
@@ -108954,8 +109187,8 @@ rule ELASTIC_Windows_Remoteadmin_Ultravnc_965F054A : FILE MEMORY date = "2023-03-18" modified = "2023-04-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_RemoteAdmin_UltraVNC.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_RemoteAdmin_UltraVNC.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "59bddb5ccdc1c37c838c8a3d96a865a28c75b5807415fd931eaff0af931d1820" logic_hash = "a9b9d0958f09b23fa7b27ef7ec32b3feb98edca3be5a21552a3a2f50e3fd41c1" score = 75 @@ -108989,8 +109222,8 @@ rule ELASTIC_Windows_Backdoor_Goldbackdoor_91902940 : FILE MEMORY date = "2022-04-29" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Backdoor_Goldbackdoor.yar#L1-L26" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Backdoor_Goldbackdoor.yar#L1-L26" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "485246b411ef5ea9e903397a5490d106946a8323aaf79e6041bdf94763a0c028" logic_hash = "71e26cce6d730560e1303b2a4f49d0da6d1341263bb47ade46338f03e528cbf7" score = 75 
@@ -109025,8 +109258,8 @@ rule ELASTIC_Windows_Backdoor_Goldbackdoor_F11D57Df : FILE MEMORY date = "2022-04-29" modified = "2022-06-09" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Backdoor_Goldbackdoor.yar#L28-L51" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Backdoor_Goldbackdoor.yar#L28-L51" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "45ece107409194f5f1ec2fbd902d041f055a914e664f8ed2aa1f90e223339039" logic_hash = "6401b215523289a3842dec6d3e016a2ca99512c5889e87cb5ff13023bb0b8e1e" score = 75 @@ -109059,8 +109292,8 @@ rule ELASTIC_Windows_Hacktool_Sharpshares_88Cdcd52 : FILE MEMORY date = "2022-10-20" modified = "2022-11-24" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Hacktool_SharpShares.yar#L1-L30" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Hacktool_SharpShares.yar#L1-L30" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "bbdd3620a67aedec4b9a68b2c9cc880b6631215e129816aea19902a6f4bc6f41" logic_hash = "85c59b939da6158f931e779c2884cea77b80fab54ee5e157d86afa19f0253db3" score = 75 
@@ -109099,8 +109332,8 @@ rule ELASTIC_Windows_Trojan_Diceloader_B32C6B99 : FILE MEMORY date = "2021-04-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Diceloader.yar#L1-L25" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Diceloader.yar#L1-L25" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "a3b3f56a61c6dc8ba2aa25bdd9bd7dc2c5a4602c2670431c5cbc59a76e2b4c54" logic_hash = "f9e023f340edc4c46b2926e750c2ad3a3798e34415e43c0ea2d83073e3dc526a" score = 75 @@ -109134,8 +109367,8 @@ rule ELASTIC_Windows_Trojan_Diceloader_15Eeb7B9 : FILE MEMORY date = "2021-04-23" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Diceloader.yar#L27-L46" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Diceloader.yar#L27-L46" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "a1202df600d11ad2c61050e7ba33701c22c2771b676f54edd1846ef418bea746" logic_hash = "f1ab9ad69f9ea75343c7404b82a3f7a4976a442b980a98fe5b95c55d4f9cb34e" score = 75 
@@ -109164,8 +109397,8 @@ rule ELASTIC_Linux_Trojan_Shark_B918Ab75 : FILE MEMORY date = "2021-01-12" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Shark.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Shark.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "8b6fe9f496996784e42b75fb42702aa47aefe32eac6f63dd16a0eb55358b6054" logic_hash = "16302c29f2ae4109b8679933eb7fd9ef9306b0c215f20e8fff992b0b848974a9" score = 75 @@ -109193,8 +109426,8 @@ rule ELASTIC_Multi_Trojan_Sparkrat_9A21E541 : FILE MEMORY date = "2023-11-13" modified = "2024-06-12" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Multi_Trojan_SparkRat.yar#L1-L21" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Multi_Trojan_SparkRat.yar#L1-L21" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "23efecc03506a9428175546a4b7d40c8a943c252110e83dec132c6a5db8c4dd6" logic_hash = "903c5c65436bea8dd044fd5f1f6dda3d1e90ab25802d508f67ba0f7fd06e92d4" score = 75 
@@ -109224,8 +109457,8 @@ rule ELASTIC_Linux_Trojan_Sshdkit_18A0B82A : FILE MEMORY date = "2021-04-06" modified = "2021-09-16" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Linux_Trojan_Sshdkit.yar#L1-L19" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Linux_Trojan_Sshdkit.yar#L1-L19" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "003245047359e17706e4504f8988905a219fcb48865afea934e6aafa7f97cef6" logic_hash = "4b7a78ebf3c114809148cc9855379b2e63c959966272ad45759838d570b42016" score = 75 @@ -109253,8 +109486,8 @@ rule ELASTIC_Windows_Trojan_Gh0St_Ee6De6Bc : FILE MEMORY date = "2021-06-10" modified = "2021-08-23" reference = "https://github.com/elastic/protections-artifacts/" - source_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/yara/rules/Windows_Trojan_Gh0st.yar#L1-L23" - license_url = "https://github.com/elastic/protections-artifacts//blob/7607ac6ed3bb869356a16d2f7488f6744c68b134/LICENSE.txt" + source_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/yara/rules/Windows_Trojan_Gh0st.yar#L1-L23" + license_url = "https://github.com/elastic/protections-artifacts//blob/971c9e2713670f7a00aa78ed2c387ac3afd63a78/LICENSE.txt" hash = "ea1dc816dfc87c2340a8b8a77a4f97618bccf19ad3b006dce4994be02e13245d" logic_hash = "3619df974c9f4ec76899afbafdfd6839070714862c7361be476cf8f83e766e2f" score = 75 
@@ -109281,7 +109514,7 @@ rule ELASTIC_Windows_Trojan_Gh0St_Ee6De6Bc : FILE MEMORY * YARA Rule Set * Repository Name: R3c0nst * Repository: https://github.com/fboldewin/YARA-rules/ - * Retrieval Date: 2024-06-30 + * Retrieval Date: 2024-07-07 * Git Commit: 54e9e6899b258b72074b2b4db6909257683240c2 * Number of Rules: 26 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -110048,8 +110281,8 @@ rule R3C0NST_ATM_Malware_Dispenserxfs : FILE * YARA Rule Set * Repository Name: CAPE * Repository: https://github.com/kevoreilly/CAPEv2 - * Retrieval Date: 2024-06-30 - * Git Commit: 25a2b8705316eaf5acc94e3080e51f889264aee6 + * Retrieval Date: 2024-07-07 + * Git Commit: 964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b * Number of Rules: 94 * Skipped: 0 (age), 11 (quality), 0 (score), 0 (importance) * @@ -110731,8 +110964,8 @@ rule CAPE_Nanolocker : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/NanoLocker.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/NanoLocker.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE" logic_hash = "fe6c8a4e259c3c526f8f50771251f6762b2b92a4df2e8bfc705f282489f757db" score = 75 quality = 70 
@@ -110756,8 +110989,8 @@ rule CAPE_Pikabotloader : FILE date = "2024-03-13" modified = "2024-03-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/PikaBot.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/PikaBot.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE" logic_hash = "7e5f1f2911545ee6bd36b54f2627fbdec1b957f4b91df901dd1c6cbd4dff0231" score = 75 quality = 70 @@ -110781,8 +111014,8 @@ rule CAPE_Pikabot : FILE date = "2024-03-13" modified = "2024-03-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/PikaBot.yar#L15-L28" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/PikaBot.yar#L15-L28" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE" logic_hash = "ed07217c373831a9a67d914854154988696e6fcea70dedabf333385f0e7bb8b7" score = 75 quality = 70 
@@ -110807,8 +111040,8 @@ rule CAPE_Pik23 : FILE date = "2024-03-13" modified = "2024-03-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/PikaBot.yar#L30-L44" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/PikaBot.yar#L30-L44" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE" hash = "59f42ecde152f78731e54ea27e761bba748c9309a6ad1c2fd17f0e8b90f8aed1" logic_hash = "71a71df2f2a075294941c54eed06cafaaa4d3294e45b3a0098c1cffddd0438bc" score = 75 @@ -110834,8 +111067,8 @@ rule CAPE_Tscookie : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/TSCookie.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/TSCookie.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE" logic_hash = "0461c7fd14c74646437654f0a63a4a89d4efad620e197a8ca1e8d390618842c3" score = 75 quality = 70 
@@ -110859,8 +111092,8 @@ rule CAPE_Ryuk : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Ryuk.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Ryuk.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE" logic_hash = "b4463993d8956e402b927a3dcfa2ca9693a959908187f720372f2d3a40e6db0c" score = 75 quality = 70 @@ -110885,8 +111118,8 @@ rule CAPE_Agent_Tesla date = "2024-03-22" modified = "2024-03-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/AgentTesla.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/AgentTesla.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE" logic_hash = "3945754129dcc58e0abfd7485f5ff0c0afdd1078ae2cf164ca8f59a6f79db1be" score = 75 quality = 70 
@@ -110912,8 +111145,8 @@ rule CAPE_Agenttesla : FILE date = "2024-03-22" modified = "2024-03-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/AgentTesla.yar#L19-L41" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/AgentTesla.yar#L19-L41" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE" logic_hash = "1bf9b26c4cf87e674ddffabe40aba5a45499c6a04d4ff3e43c3cda4cbcb4d188" score = 75 quality = 70 @@ -110945,8 +111178,8 @@ rule CAPE_Agentteslav2 : FILE date = "2024-03-22" modified = "2024-03-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/AgentTesla.yar#L43-L67" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/AgentTesla.yar#L43-L67" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE" logic_hash = "b45296b3b94fa1ff32de48c94329a17402461fb6696e9390565c4dba9738ed78" score = 75 quality = 70 
@@ -110982,8 +111215,8 @@ rule CAPE_Agentteslav3 : FILE date = "2024-03-22" modified = "2024-03-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/AgentTesla.yar#L69-L111" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/AgentTesla.yar#L69-L111" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE" logic_hash = "26c4fa0ce8de6982eb599f3872e8ab2a6e83da4741db7f3500c94e0a8fe5d459" score = 75 quality = 68 @@ -111036,8 +111269,8 @@ rule CAPE_Agentteslaxor : FILE date = "2024-03-22" modified = "2024-03-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/AgentTesla.yar#L113-L123" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/AgentTesla.yar#L113-L123" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE" logic_hash = "54581e83e5fa13fae4bda74016b3fa1d18c92e2659f493ebe54d70fd5f77bba5" score = 75 quality = 20 
@@ -111059,8 +111292,8 @@ rule CAPE_Agentteslav4 : FILE date = "2024-03-22" modified = "2024-03-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/AgentTesla.yar#L125-L138" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/AgentTesla.yar#L125-L138" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE" logic_hash = "0a39036f408728ab312a54ff3354453d171424f57f9a8f3b42af867be3037ca9" score = 75 quality = 70 @@ -111085,8 +111318,8 @@ rule CAPE_Agentteslav4Jit date = "2024-03-22" modified = "2024-03-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/AgentTesla.yar#L140-L153" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/AgentTesla.yar#L140-L153" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE" logic_hash = "8f7144d2a989ce8d291af926b292f5f0f7772e707b0e49797eba13ecf91b90bc" score = 75 quality = 70 
@@ -111111,8 +111344,8 @@ rule CAPE_Scarab : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Scarab.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Scarab.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE" logic_hash = "0d8fa7ab4c8e5699f17f9e9444e85a42563a840a8e7ee9eda54add3a6845d1c6" score = 75 quality = 70 @@ -111136,8 +111369,8 @@ rule CAPE_Atlas : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Atlas.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Atlas.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE" logic_hash = "c3f73b29df5caf804dbfe3e6ac07a9e2c772bd2a126f0487e4a65e72bd501e6e" score = 75 quality = 70 
@@ -111161,8 +111394,8 @@ rule CAPE_Sedreco : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Sedreco.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Sedreco.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE" logic_hash = "f735549606917f59a19157e604e54766e4456bc5d46e94cae3e0a3c18b52a7ca" score = 75 quality = 70 @@ -111186,8 +111419,8 @@ rule CAPE_Nettraveler : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/NetTraveler.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/NetTraveler.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE" logic_hash = "bf5026f1a1cb3d6986a29d22657a9f1904b362391a6715d7468f8f8aca351233" score = 75 quality = 70 
@@ -111211,8 +111444,8 @@ rule CAPE_Gootkit : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Gootkit.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Gootkit.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE" logic_hash = "26704b6b0adca51933fc9d5e097930320768fd0e9355dcefc725aee7775316e7" score = 75 quality = 70 @@ -111234,8 +111467,8 @@ rule CAPE_Oyster date = "2024-05-30" modified = "2024-05-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Oyster.yar#L1-L19" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Oyster.yar#L1-L19" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE" hash = "8bae0fa9f589cd434a689eebd7a1fde949cc09e6a65e1b56bb620998246a1650" logic_hash = "23ab1518712dbce8319b87785d7ffc0c2b61de82c2bbf533ebf0aae39ec33540" score = 75 
@@ -111265,8 +111498,8 @@ rule CAPE_Masslogger : FILE date = "2020-11-24" modified = "2020-11-24" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/MassLogger.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/MassLogger.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE" logic_hash = "c8d82694810aafbdc6a35a661e7431e9536035e2f7fef90b9359064c4209b66c" score = 75 quality = 70 @@ -111289,8 +111522,8 @@ rule CAPE_Cerber : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Cerber.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Cerber.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE" logic_hash = "16a8f808c28d3b142c079a305aba7f553f2452e439710bf610a06f8f2924d5a3" score = 75 quality = 70 
@@ -111312,8 +111545,8 @@ rule CAPE_Darkgate
 date = "2024-02-26"
 modified = "2024-02-26"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/DarkGate.yar#L1-L16"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/DarkGate.yar#L1-L16"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "25c0e77a83676c6a18445f8df0b1f7a9148de5f64eeb532f9a4f4d4652dd8191"
 score = 75
 quality = 70
@@ -111340,8 +111573,8 @@ rule CAPE_Dreambot : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Dreambot.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Dreambot.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "29c6d648d5d38667c5824c2d20a83a20448c2ae6054ddddb2b2b7f8bdb69f74b"
 score = 75
 quality = 70
@@ -111366,8 +111599,8 @@ rule CAPE_Vidar : FILE
 date = "2023-04-21"
 modified = "2023-04-21"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Vidar.yar#L1-L22"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Vidar.yar#L1-L22"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "5d4c030536ed41cf4e0dcb77b2fe4553d789ee2b8095a4b3e050692335a8709d"
 score = 75
 quality = 70
@@ -111400,8 +111633,8 @@ rule CAPE_Varenyky : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Varenyky.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Varenyky.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "602f1b8b60b29565eabe2171fde4eb58546af68f8acecad402a7a51ea9a08ed9"
 score = 75
 quality = 70
@@ -111423,8 +111656,8 @@ rule CAPE_Cobaltstrikestager
 date = "2023-01-18"
 modified = "2023-01-18"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/CobaltStrikeStager.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/CobaltStrikeStager.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "6a55b0c3ab5f557dfb7a3f8bd616ede1bd9b93198590fc9d52aa19c1154388c5"
 score = 75
 quality = 70
@@ -111449,8 +111682,8 @@ rule CAPE_Fareit : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Fareit.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Fareit.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "ed35391ffc949219f380da3f22bc8397a7d5c742bd68e227c3becdebcab5cf83"
 score = 75
 quality = 70
@@ -111472,8 +111705,8 @@ rule CAPE_Petya : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Petya.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Petya.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "f819261bb34f3b2eb7dc2f843b56be25105570fe902a77940a632a54fbe0d014"
 score = 75
 quality = 70
@@ -111497,8 +111730,8 @@ rule CAPE_Dridexv4 : FILE
 date = "2022-05-31"
 modified = "2022-05-31"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/DridexV4.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/DridexV4.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "cb103fe5f2d4792e3c612db4e2d84a4c8b0ce0f9a8443e9147e2c345f1dbdff6"
 score = 75
 quality = 70
@@ -111524,8 +111757,8 @@ rule CAPE_Azer : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Azer.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Azer.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "48bd4a4e071f10d1911c4173a0cd39c69fed7a3b29eb92beffe709899f4cefa5"
 score = 75
 quality = 70
@@ -111549,8 +111782,8 @@ rule CAPE_Lockbit : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Lockbit.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Lockbit.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "80ab705c8246a0bd5b3de65146cf32b102f39bf9444bdf1d366b5a794c1229b9"
 score = 75
 quality = 70
@@ -111576,8 +111809,8 @@ rule CAPE_Kovter : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Kovter.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Kovter.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "888fccb8fbfbe6c05ec63bc5658b4743f8e10a96ef51b3868c2ff94afec76f2d"
 score = 75
 quality = 70
@@ -111602,8 +111835,8 @@ rule CAPE_Rozena
 date = "2024-03-15"
 modified = "2024-03-15"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Rozena.yar#L1-L10"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Rozena.yar#L1-L10"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "c415a8108b58a125a604031bb8d73b58a8aae5429b5b765e35fa8a4add9cd135"
 score = 75
 quality = 70
@@ -111626,8 +111859,8 @@ rule CAPE_Hermes : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Hermes.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Hermes.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "9bc974173f39a57e7adfbf8ae106a20d960557696b4c3ce16e9b4e47d3e9e95b"
 score = 75
 quality = 70
@@ -111651,8 +111884,8 @@ rule CAPE_Magniber : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Magniber.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Magniber.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "1875754bdf98c1886f31f6c6e29992a98180f74d8fa168ae391e2c660d760618"
 score = 75
 quality = 70
@@ -111674,8 +111907,8 @@ rule CAPE_Socks5Systemz : FILE
 date = "2024-05-22"
 modified = "2024-05-22"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Socks5Systemz.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Socks5Systemz.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "44b83b6d2ab39b4258ae0d97d00d02afdbb62a3973fd788584e4dea9db69cc1b"
 score = 75
 quality = 70
@@ -111704,8 +111937,8 @@ rule CAPE_Jaff : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Jaff.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Jaff.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "6806a5eeee04b7436ff694addc334bfc0f1ee611116904d57be9506acfd47418"
 score = 75
 quality = 70
@@ -111730,8 +111963,8 @@ rule CAPE_Lumma : FILE
 date = "2024-03-13"
 modified = "2024-03-13"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Lumma.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Lumma.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "5b172496e2488cc3e9cdbd5a08229c3691bafba2fcdbdfd2805c7ac58f9c5751"
 score = 75
 quality = 70
@@ -111756,8 +111989,8 @@ rule CAPE_Latrodectus
 date = "2024-01-18"
 modified = "2024-01-18"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Latrodectus.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Latrodectus.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 hash = "a547cff9991a713535e5c128a0711ca68acf9298cc2220c4ea0685d580f36811"
 logic_hash = "c0a0bbdc865600b78538670cd766b63f8ca1bf223195d0f5c937e5968500ea0e"
 score = 75
@@ -111783,8 +112016,8 @@ rule CAPE_Nemty : FILE
 date = "2020-04-03"
 modified = "2020-04-03"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Nemty.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Nemty.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "a05974b561c67b4f1e0812639b74831edcf65686a06c0d380f0b45739e342419"
 score = 75
 quality = 70
@@ -111808,8 +112041,8 @@ rule CAPE_Locky : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Locky.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Locky.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "9786c54a2644d9581fefe64be11b26e22806398e54e961fa4f19d26eae039cd7"
 score = 75
 quality = 70
@@ -111833,8 +112066,8 @@ rule CAPE_Icedid
 date = "2021-12-16"
 modified = "2021-12-16"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/IcedID.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/IcedID.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "e60ccbab7a360020744eba65961156ca3e2ae9cf23671014f913d71c1a96a331"
 score = 75
 quality = 45
@@ -111863,8 +112096,8 @@ rule CAPE_Wanacry : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/WanaCry.yar#L1-L16"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/WanaCry.yar#L1-L16"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "16d5e39f043d27bbf22f8f21e13971b7e0709b07e44746dd157d11ee4cc51944"
 score = 75
 quality = 70
@@ -111890,8 +112123,8 @@ rule CAPE_Buerloader : FILE
 date = "2022-05-31"
 modified = "2022-05-31"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/BuerLoader.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/BuerLoader.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "05c1f008f0a2bb8232867977fb23a5ae8312f10f0637c6265561052596319c29"
 score = 75
 quality = 70
@@ -111915,8 +112148,8 @@ rule CAPE_Zeuspanda : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/ZeusPanda.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/ZeusPanda.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "43d8a56cae9fd23c053f6956851734d3270b46a906236854502c136e3bb1e761"
 score = 75
 quality = 70
@@ -111939,8 +112172,8 @@ rule CAPE_Carbanak : FILE
 date = "2024-03-18"
 modified = "2024-03-18"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Carbanak.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Carbanak.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 hash = "c9c1b06cb9c9bd6fc4451f5e2847a1f9524bb2870d7bb6f0ee09b9dd4e3e4c84"
 logic_hash = "8ed5ab07f1635dc7cdf296e86a71a0a99d0b2faef8fc460f43d426b24b8c8367"
 score = 75
@@ -111965,8 +112198,8 @@ rule CAPE_Tclient : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/TClient.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/TClient.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "6edcd01e4722b367723ed77d9596877d16ee35dc4c160885d125f83e45cee24d"
 score = 75
 quality = 70
@@ -111988,8 +112221,8 @@ rule CAPE_Rokrat : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/RokRat.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/RokRat.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "2aaa7de7ccd59e0da690f4bc0c7deaacf61314d61f8d2aa3ce6f6892f50612ec"
 score = 75
 quality = 70
@@ -112012,8 +112245,8 @@ rule CAPE_Lokibot : FILE
 date = "2022-02-01"
 modified = "2022-02-01"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/LokiBot.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/LokiBot.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "a5b3d518371138740e913d2d6ce4fa22d3da5cea7e034c7d6b4b502e6bf44b06"
 score = 75
 quality = 70
@@ -112036,8 +112269,8 @@ rule CAPE_Cryptoshield : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Cryptoshield.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Cryptoshield.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "46064b4c69cb1af01330c5d194ef50728e0f0479e9fbf72828822935f8e37ac6"
 score = 75
 quality = 70
@@ -112061,8 +112294,8 @@ rule CAPE_Doomedloader : FILE
 date = "2024-05-09"
 modified = "2024-05-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/DoomedLoader.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/DoomedLoader.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "54a5962ef49ebf987908c4ea1559788f7c96a7e4ea61d2973636e998a0239c77"
 score = 75
 quality = 70
@@ -112086,8 +112319,8 @@ rule CAPE_Ursnifv3 : FILE
 date = "2023-03-23"
 modified = "2023-03-23"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/UrsnifV3.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/UrsnifV3.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "501cd52388aba16f9d33b4555f310e1ad58326916b15358a485c701acb87abd8"
 score = 75
 quality = 70
@@ -112116,8 +112349,8 @@ rule CAPE_Arkei : FILE
 date = "2020-02-11"
 modified = "2020-02-11"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Arkei.yar#L1-L24"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Arkei.yar#L1-L24"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "03980827db1c53d4090ab196ba820ca34b5d83dc7140b11ead9182cb5d28c7d3"
 score = 75
 quality = 70
@@ -112151,8 +112384,8 @@ rule CAPE_Amadey : FILE
 date = "2023-09-04"
 modified = "2023-09-04"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Amadey.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Amadey.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 hash = "988258716d5296c1323303e8fe4efd7f4642c87bfdbe970fe9a3bb3f410f70a4"
 logic_hash = "38f710b422a3644c9f0f3e80ad9ff28ef02050368c651a6cc2ce8b152b67bf48"
 score = 75
@@ -112177,8 +112410,8 @@ rule CAPE_Rcsession
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/RCSession.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/RCSession.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "ebd1e9e615a91c35b36332cad55519607323469df738cec4464288b45787630d"
 score = 75
 quality = 70
@@ -112201,8 +112434,8 @@ rule CAPE_Rhadamanthys
 date = "2023-09-18"
 modified = "2023-09-18"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Rhadamanthys.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Rhadamanthys.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "f71bee3ef1dd7b16a55397645d16c0a20d1fdd3bf662f241c0b11796629b11ff"
 score = 75
 quality = 70
@@ -112227,8 +112460,8 @@ rule CAPE_Dridexloader : FILE
 date = "2021-03-10"
 modified = "2021-03-10"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/DridexLoader.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/DridexLoader.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "20696b1f14539c8ecf21bffc696596040c20b1ee2fcedc173945482c0baca588"
 score = 75
 quality = 70
@@ -112255,8 +112488,8 @@ rule CAPE_Stealc : FILE
 date = "2024-02-16"
 modified = "2024-02-16"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Stealc.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Stealc.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 hash = "77d6f1914af6caf909fa2a246fcec05f500f79dd56e5d0d466d55924695c702d"
 logic_hash = "90a3a72f53d0c020f1568d7bbf183ee4f76ec3f4706d2331bcbc4e631bf6399d"
 score = 75
@@ -112280,8 +112513,8 @@ rule CAPE_Petrwrap : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/PetrWrap.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/PetrWrap.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "6dd1cf5639b63d0ab41b24080dad68d285f2e3969ad34fd724c83e7a0dd4b968"
 score = 75
 quality = 70
@@ -112306,8 +112539,8 @@ rule CAPE_Ramnit : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Ramnit.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Ramnit.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "6f661f47bdf8377b0fb96f190fcb964c0ed2b43ce7ae7880f9dfce9e43837efd"
 score = 75
 quality = 70
@@ -112331,8 +112564,8 @@ rule CAPE_Gandcrab : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Gandcrab.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Gandcrab.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "354ed566dbafbe8e9531bb771d9846952eb8c0e70ee94c26d09368159ce4142c"
 score = 75
 quality = 70
@@ -112357,8 +112590,8 @@ rule CAPE_Formbook
 date = "2023-10-13"
 modified = "2023-10-13"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Formbook.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Formbook.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "63ee4dd6fe5ed2a3e5ee88ba7de48d2c9e0024961a550d0fdb68891c9885e05e"
 score = 75
 quality = 70
@@ -112389,8 +112622,8 @@ rule CAPE_Nighthawk
 date = "2022-12-05"
 modified = "2022-12-05"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Nighthawk.yar#L3-L24"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Nighthawk.yar#L3-L24"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "2d77912678e06503ffef0e8ed84aa4f9ac74357480d57742fbae619acebfb5f2"
 score = 75
 quality = 70
@@ -112414,8 +112647,8 @@ rule CAPE_Asyncrat : FILE
 date = "2024-05-23"
 modified = "2024-05-23"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/AsyncRat.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/AsyncRat.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "8f960131bb86e1c09127324bd5877364ab25e0cb37f5f9755230c7fed9094de3"
 score = 75
 quality = 66
@@ -112443,8 +112676,8 @@ rule CAPE_Asyncrat_Kingrat
 date = "2024-05-23"
 modified = "2024-05-23"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/AsyncRat.yar#L19-L40"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/AsyncRat.yar#L19-L40"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "2699ef93ae10b205b79025098afc1d1cfe7dbdf192f4d98a6e34a8f3de154810"
 score = 75
 quality = 62
@@ -112477,8 +112710,8 @@ rule CAPE_Zerot : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/ZeroT.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/ZeroT.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "f60ae25ac3cd741b8bdc5100b5d3c474b5d9fbe8be88bfd184994bae106c3803"
 score = 75
 quality = 68
@@ -112504,8 +112737,8 @@ rule CAPE_Kpot : FILE
 date = "2020-10-19"
 modified = "2020-10-19"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Kpot.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Kpot.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "75abaab9a10e8ac8808425c389238285ab9bd9cb76f0cd03cc1e35b3ea0a1b0f"
 score = 75
 quality = 70
@@ -112529,8 +112762,8 @@ rule CAPE_Bumblebee : FILE
 date = "2023-10-02"
 modified = "2023-10-02"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/BumbleBee.yar#L35-L50"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/BumbleBee.yar#L35-L50"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "bc7c2ce9d3cd598c9510dc64d78048999f2f89ee5a84cd0d6046dbdfabe260ee"
 score = 75
 quality = 70
@@ -112557,8 +112790,8 @@ rule CAPE_Doppelpaymer : FILE
 date = "2022-06-27"
 modified = "2022-06-27"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/DoppelPaymer.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/DoppelPaymer.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "73a2575671bafc31a70af3ce072d6f94ae172b12202baebba586a02524cb6f9d"
 score = 75
 quality = 70
@@ -112581,8 +112814,8 @@ rule CAPE_Mole : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Mole.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Mole.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "8be4d190d554a610360c0e04b33da59eb00319395e5b2000d580546ce6503786"
 score = 75
 quality = 70
@@ -112606,8 +112839,8 @@ rule CAPE_Squirrelwaffle : FILE
 date = "2021-10-13"
 modified = "2021-10-13"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/SquirrelWaffle.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/SquirrelWaffle.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "5f799333398421d537ec7a87ca94f6cc9cf1e53e55b353036a5132440990e500"
 score = 75
 quality = 70
@@ -112630,8 +112863,8 @@ rule CAPE_Trickbot
 date = "2023-02-07"
 modified = "2023-02-07"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/TrickBot.yar#L1-L20"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/TrickBot.yar#L1-L20"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "47cc2070b43957601a72745329a9d14fb3fbfd4d2b31cacc35d4ac750dde31ea"
 score = 75
 quality = 70
@@ -112662,8 +112895,8 @@ rule CAPE_Trickbot_Permadll_UEFI_Module
 date = "2023-02-07"
 modified = "2023-02-07"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/TrickBot.yar#L22-L38"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/TrickBot.yar#L22-L38"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 hash = "491115422a6b94dc952982e6914adc39"
 logic_hash = "564055f56fd19bed8900e6d451ba050b4e9013a9208a3bdc3d3d563567d225d2"
 score = 75
@@ -112691,8 +112924,8 @@ rule CAPE_Codoso : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Codoso.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Codoso.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "32c9ed2ac29e8905266977a9ee573a252442d96fb9ec97d88642180deceec3f8"
 score = 75
 quality = 70
@@ -112716,8 +112949,8 @@ rule CAPE_Aurorastealer : FILE
 date = "2022-12-14"
 modified = "2023-03-31"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/AuroraStealer.yar#L1-L74"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/AuroraStealer.yar#L1-L74"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "0d10e9268184f494a73d5b4ab0d9a478ad0c26d2ef13d5134f8c9769f028b8f5"
 score = 75
 quality = 45
@@ -112796,8 +113029,8 @@ rule CAPE_Conti : FILE
 date = "2021-03-15"
 modified = "2021-03-15"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Conti.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Conti.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "c9842f93d012d0189b9c6f10ad558b37ae66226bbb619ad677f6906ccaf0e848"
 score = 75
 quality = 70
@@ -112821,8 +113054,8 @@ rule CAPE_Seduploader : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Seduploader.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Seduploader.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "d70c886699169d4dafc5b063c93682a34af5667df6d293b52256ddc19ab9c516"
 score = 75
 quality = 70
@@ -112844,8 +113077,8 @@ rule CAPE_Zloader : FILE
 date = "2024-05-06"
 modified = "2024-05-06"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Zloader.yar#L1-L18"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Zloader.yar#L1-L18"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 hash = "adbd0c7096a7373be82dd03df1aae61cb39e0a155c00bbb9c67abc01d48718aa"
 logic_hash = "a94efd87c69146cf5771341974e5abe789445d67dde3e045e1b87d3131539ff9"
 score = 75
@@ -112874,8 +113107,8 @@ rule CAPE_Remcos : FILE
 date = "2022-05-10"
 modified = "2022-05-10"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Remcos.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Remcos.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "38142e784ad437d9592353b924f74777bb62e5ed176c811230a2021a437d4710"
 score = 75
 quality = 68
@@ -112900,8 +113133,8 @@ rule CAPE_Blister : FILE
 date = "2023-09-20"
 modified = "2023-09-20"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Blister.yar#L1-L17"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Blister.yar#L1-L17"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 hash = "afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2"
 hash = "d3eab2a134e7bd3f2e8767a6285b38d19cd3df421e8af336a7852b74f194802c"
 logic_hash = "f26d85fdf0eb07e67fe38c43c5f6d024bfb7b2a333cb3411f5cdcff6bf5db12d"
@@ -112929,8 +113162,8 @@ rule CAPE_Qakbot5 : FILE
 date = "2024-04-28"
 modified = "2024-04-28"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/QakBot.yar#L1-L15"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/QakBot.yar#L1-L15"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 hash = "59559e97962e40a15adb2237c4d01cfead03623aff1725616caeaa5a8d273a35"
 logic_hash = "cc23a92f45619d44af824128b743c259dd9dfa7cb5106932f3425f3dfd1dccdf"
 score = 75
@@ -112956,8 +113189,8 @@ rule CAPE_Qakbot4 : FILE
 date = "2024-04-28"
 modified = "2024-04-28"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/QakBot.yar#L17-L35"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/QakBot.yar#L17-L35"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "b2870e33abffbb3ff49b7891b0f5c538ab48ee63da5553929d4e37dec921344f"
 score = 75
 quality = 70
@@ -112987,8 +113220,8 @@ rule CAPE_Eternalromance : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/EternalRomance.yar#L1-L33"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/EternalRomance.yar#L1-L33"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "5390fae3e2411a715cdc965df8648c0c4c511d53d5f76031714f1b784b58eb0d"
 score = 75
 quality = 68
@@ -113032,8 +113265,8 @@ rule CAPE_Bazar : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Bazar.yar#L1-L11"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Bazar.yar#L1-L11"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "9375f59b56e47fd0b90b089afdf3be8f16f960038fc625523a2e2d5509ab099d"
 score = 75
 quality = 70
@@ -113056,8 +113289,8 @@ rule CAPE_Cargobayloader : FILE
 date = "2023-02-20"
 modified = "2023-02-20"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/CargoBayLoader.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/CargoBayLoader.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 hash = "75e975031371741498c5ba310882258c23b39310bd258239277708382bdbee9c"
 logic_hash = "1d5c4ca79f97e1fac358189a8c6530be12506974fc2fb42f63b0b621536a45c9"
 score = 75
@@ -113081,8 +113314,8 @@ rule CAPE_Kronos : FILE
 date = "2020-07-02"
 modified = "2020-07-02"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Kronos.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Kronos.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "52ce9caf3627efe8ae86df6ca59e51e9f738e13ac0265f797e8d70123dbcaeb3"
 score = 75
 quality = 70
@@ -113107,8 +113340,8 @@ rule CAPE_Azorult : FILE
 date = "2022-06-09"
 modified = "2022-06-09"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Azorult.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Azorult.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "4691cf48d513d1965416b0cce1b6e19c8f7b393a940afd68b7c6ca8c0d125d90"
 score = 75
 quality = 70
@@ -113131,8 +113364,8 @@ rule CAPE_Ursnif : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Ursnif.yar#L1-L19"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Ursnif.yar#L1-L19"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "46e79fde81ff5352314618021e394b2e0322df07170c7279363290b7134935fd"
 score = 75
 quality = 70
@@ -113161,8 +113394,8 @@ rule CAPE_Megacortex : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/MegaCortex.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/MegaCortex.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "5de1d8241260070241c91b97f18feb2a90069e3b158e863e2d9f568799c244e6"
 score = 75
 quality = 70
@@ -113186,8 +113419,8 @@ rule CAPE_Smokeloader
 date = "2023-02-06"
 modified = "2023-02-06"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/SmokeLoader.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/SmokeLoader.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "a2ed982f15a6c687da2fdba216868016722825edf7e8ff6a75f24d81af8276bc"
 score = 75
 quality = 70
@@ -113212,8 +113445,8 @@ rule CAPE_Hancitor : FILE
 date = "2020-10-20"
 modified = "2020-10-20"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/Hancitor.yar#L1-L14"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/Hancitor.yar#L1-L14"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "84003542a2f587b5fbd43731c4240759806f8ee46df2bd96aae4a3c09d97e41c"
 score = 75
 quality = 70
@@ -113238,8 +113471,8 @@ rule CAPE_Bitpaymer : FILE
 date = "2019-11-27"
 modified = "2019-11-27"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/BitPaymer.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/BitPaymer.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "6ae0dc9a36da13e483d8d653276b06f59ecc15c95c754c268dcc91b181677c4c"
 score = 75
 quality = 70
@@ -113262,8 +113495,8 @@ rule CAPE_Emotetloader : FILE
 date = "2022-05-31"
 modified = "2022-05-31"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/EmotetLoader.yar#L1-L12"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/EmotetLoader.yar#L1-L12"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "410872d25ed3a89a2cba108f952d606cd1c3bf9ccc89ae6ab3377b83665c2773"
 score = 75
 quality = 70
@@ -113285,8 +113518,8 @@ rule CAPE_Badrabbit : FILE
 date = "2019-10-30"
 modified = "2019-10-30"
 reference = "https://github.com/kevoreilly/CAPEv2"
- source_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/data/yara/CAPE/BadRabbit.yar#L1-L13"
- license_url = "https://github.com/kevoreilly/CAPEv2/blob/25a2b8705316eaf5acc94e3080e51f889264aee6/LICENSE"
+ source_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/data/yara/CAPE/BadRabbit.yar#L1-L13"
+ license_url = "https://github.com/kevoreilly/CAPEv2/blob/964c1c0d184d8719a50fd4469dc0b6d02a2a6a8b/LICENSE"
 logic_hash = "309e14ab4ea2f919358631f9d8b2aaff1f51e7708b6114e4e6bf4a9d9a5fc86c"
 score = 75
 quality = 70
@@ -113305,7 +113538,7 @@ rule CAPE_Badrabbit : FILE
 * YARA Rule Set
 * Repository Name: BinaryAlert
 * Repository: https://github.com/airbnb/binaryalert/
- * Retrieval Date: 2024-06-30
+ * Retrieval Date: 2024-07-07
 * Git Commit: a9c0f06affc35e1f8e45bb77f835b92350c68a0b
 * Number of Rules: 78
 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance)
@@ -115726,7 +115959,7 @@ rule BINARYALERT_Malware_Multi_Vesche_Basicrat
 * YARA Rule Set
 * Repository Name: DeadBits
 * Repository: https://github.com/deadbits/yara-rules/
- * Retrieval Date: 2024-06-30
+ * Retrieval Date: 2024-07-07
 * Git Commit: d002f7ecee23e09142a3ac3e79c84f71dda3f001
 * Number of Rules: 17
 * Skipped: 0 (age), 6 (quality), 0 (score), 0 (importance)
@@ -116426,7 +116659,7 @@ rule DEADBITS_Acbackdoor_ELF : LINUX MALWARE BACKDOOR
 description = "No description has been set in the source file - DeadBits"
 author = "Adam M. Swanda"
 id = "82eb41bf-cd1d-5b00-973b-31a79c75cfc0"
- date = "2019-11-30"
+ date = "2019-11-07"
 modified = "2019-12-04"
 reference = "https://www.intezer.com/blog-acbackdoor-analysis-of-a-new-multiplatform-backdoor/"
 source_url = "https://github.com/deadbits/yara-rules//blob/d002f7ecee23e09142a3ac3e79c84f71dda3f001/rules/ACBackdoor_Linux.yara#L1-L41"
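Review bot: The `date` of DEADBITS_Acbackdoor_ELF changes from "2019-11-30" to "2019-11-07" in the last hunk, yet the DeadBits section header in the preceding hunk keeps Git Commit d002f7ecee23e09142a3ac3e79c84f71dda3f001 and the rule's source_url still points at that same commit, so this edit cannot have come from upstream. It looks like the bundle generator rewrote a rule-author date field as a side effect of bumping the retrieval date from 2024-06-30 to 2024-07-07 (day 30 → 07), which silently corrupts provenance metadata inside a vendored detection file. Anything downstream that keys on rule `date` (rule-age filtering, change auditing) would see spurious drift, so it is worth diffing the bundle's `date =` fields against the pinned upstream commit before vendoring and reporting the regression to the generator; the Retrieval Date bumps for BinaryAlert and DeadBits in the two hunks above are the expected change. The enclosing rule body of DEADBITS_Acbackdoor_ELF continues outside the hunk.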
@@ -116497,8 +116730,8 @@ rule DEADBITS_Dacls_Trojan_Linux
 * YARA Rule Set
 * Repository Name: DelivrTo
 * Repository: https://github.com/delivr-to/detections
- * Retrieval Date: 2024-06-30
- * Git Commit: d2dcf7e9566e39655994aa0c5f8fb7a94cae2984
+ * Retrieval Date: 2024-07-07
+ * Git Commit: 437e5c8b301bf96c50840f4ab7ce8524b6201a69
 * Number of Rules: 7
 * Skipped: 0 (age), 2 (quality), 0 (score), 0 (importance)
 *
@@ -116516,7 +116749,7 @@ rule DELIVRTO_SUSP_Msg_CVE_2023_23397_Mar23 : CVE_2023_23397 FILE
 date = "2023-03-15"
 modified = "2023-03-15"
 reference = "https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/"
- source_url = "https://github.com/delivr-to/detections/blob/d2dcf7e9566e39655994aa0c5f8fb7a94cae2984/yara-rules/msg_cve_2023_23397.yar#L1-L20"
+ source_url = "https://github.com/delivr-to/detections/blob/437e5c8b301bf96c50840f4ab7ce8524b6201a69/yara-rules/msg_cve_2023_23397.yar#L1-L20"
 license_url = "N/A"
 logic_hash = "0476cf7f93c4f6cc48c19933f31360b62fe5e339f6a2a31dee8ad95f83ce67d7"
 score = 60
@@ -116539,7 +116772,7 @@ rule DELIVRTO_SUSP_ZPAQ_Archive_Nov23 : FILE
 date = "2023-11-26"
 modified = "2023-11-27"
 reference = "https://www.gdatasoftware.com/blog/2023/11/37822-agent-tesla-zpaq"
- source_url = "https://github.com/delivr-to/detections/blob/d2dcf7e9566e39655994aa0c5f8fb7a94cae2984/yara-rules/zpaq_archives.yar#L1-L14"
+ source_url = "https://github.com/delivr-to/detections/blob/437e5c8b301bf96c50840f4ab7ce8524b6201a69/yara-rules/zpaq_archives.yar#L1-L14"
 license_url = "N/A"
 logic_hash = "348144ee7137def00b37e074507e8148e51d34c484802a56bcd6e090d4628f18"
 score = 40
@@ -116562,7 +116795,7 @@ rule DELIVRTO_SUSP_Onenote_Repeated_Filedatareference_Feb23 : FILE
 date = "2023-02-17"
 modified = "2023-02-17"
 reference = "https://github.com/delivr-to/detections"
- source_url = "https://github.com/delivr-to/detections/blob/d2dcf7e9566e39655994aa0c5f8fb7a94cae2984/yara-rules/onenote_repeated_files.yar#L1-L23"
+ source_url = "https://github.com/delivr-to/detections/blob/437e5c8b301bf96c50840f4ab7ce8524b6201a69/yara-rules/onenote_repeated_files.yar#L1-L23"
 license_url = "N/A"
 logic_hash = "ef74a128de4d3745af856957931eaae0c0ae5a5583eab1a7c58d6dd666e7fd15"
 score = 60
@@ -116586,7 +116819,7 @@ rule DELIVRTO_SUSP_Onenote_Win_Script_Encoding_Feb23 : FILE
 date = "2023-02-19"
 modified = "2023-02-19"
 reference = "https://github.com/delivr-to/detections"
- source_url = "https://github.com/delivr-to/detections/blob/d2dcf7e9566e39655994aa0c5f8fb7a94cae2984/yara-rules/onenote_windows_script_encoding_file.yar#L1-L22"
+ source_url = "https://github.com/delivr-to/detections/blob/437e5c8b301bf96c50840f4ab7ce8524b6201a69/yara-rules/onenote_windows_script_encoding_file.yar#L1-L22"
 license_url = "N/A"
 logic_hash = "b7068f551b3665358f461a076c2d46c82db558d7fa4acb7d3c9c5c2afce31253"
 score = 60
@@ -116610,7 +116843,7 @@ rule DELIVRTO_SUSP_HTML_WASM_Smuggling
 date = "2024-02-28"
 modified = "2024-05-24"
 reference = "https://github.com/delivr-to/detections"
- source_url = "https://github.com/delivr-to/detections/blob/d2dcf7e9566e39655994aa0c5f8fb7a94cae2984/yara-rules/html_wasm.yar#L1-L13"
+ source_url = "https://github.com/delivr-to/detections/blob/437e5c8b301bf96c50840f4ab7ce8524b6201a69/yara-rules/html_wasm.yar#L1-L13"
 license_url = "N/A"
 logic_hash = "4bca88862c28db947c04c40e40fdecc682223d1eb90c98350fbd6c5d8c6c4636"
 score = 70
@@ -116634,7 +116867,7 @@ rule DELIVRTO_SUSP_PDF_MHT_Activemime_Sept23 : FILE
 date = "2023-09-04"
 modified = "2023-09-04"
 reference = "https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html"
- source_url = "https://github.com/delivr-to/detections/blob/d2dcf7e9566e39655994aa0c5f8fb7a94cae2984/yara-rules/pdf_mht_activemime.yar#L1-L19"
+ source_url = "https://github.com/delivr-to/detections/blob/437e5c8b301bf96c50840f4ab7ce8524b6201a69/yara-rules/pdf_mht_activemime.yar#L1-L19"
 license_url = "N/A"
 logic_hash = "af1450f649de6daec242f11e3b3c35305d3127fac4ef719a4ddb4edab3ae3651"
 score = 70
@@ -116659,7 +116892,7 @@ rule DELIVRTO_SUSP_Onenote_RTLO_Character_Feb23 : FILE
 date = "2023-02-17"
 modified = "2023-02-17"
 reference = "https://github.com/delivr-to/detections"
- source_url = "https://github.com/delivr-to/detections/blob/d2dcf7e9566e39655994aa0c5f8fb7a94cae2984/yara-rules/onenote_rtlo_filename.yar#L1-L22"
+ source_url = "https://github.com/delivr-to/detections/blob/437e5c8b301bf96c50840f4ab7ce8524b6201a69/yara-rules/onenote_rtlo_filename.yar#L1-L22"
 license_url = "N/A"
 logic_hash = "286bc1ab1f5df0d64634f53cc82357187306c40b063b156f36b602e131262c7a"
 score = 60
@@ -116678,8 +116911,8 @@ rule DELIVRTO_SUSP_Onenote_RTLO_Character_Feb23 : FILE
 * YARA Rule Set
 * Repository Name: ESET
 * Repository: https://github.com/eset/malware-ioc
- * Retrieval Date: 2024-06-30
- * Git Commit: 3d18f6fe36ff39eddc204258096d65263da89de0
+ * Retrieval Date: 2024-07-07
+ * Git Commit: 16506cf3a507e0efb3296ce5be1fa0d92c5d876c
 * Number of Rules: 98
 * Skipped: 0 (age), 6 (quality), 0 (score), 0 (importance)
 *
@@ -116720,8 +116953,8 @@ private rule ESET_Is_Elf_PRIVATE
 date = "2016-11-01"
 modified = "2016-11-01"
 reference = "https://github.com/eset/malware-ioc"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/moose/linux-moose.yar#L32-L39"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/moose/linux-moose.yar#L32-L39"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "2a3c9a875852cd3ce86d43b9e4a6ba786ecbae1f18bba73a3bef5b7e8ba67a3b"
 score = 75
 quality = 80
@@ -116742,8 +116975,8 @@ private rule ESET_Potaosecondstage_PRIVATE
 date = "2015-07-30"
 modified = "2015-07-30"
 reference = "https://github.com/eset/malware-ioc"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/potao/PotaoNew.yara#L81-L95"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/potao/PotaoNew.yara#L81-L95"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "55f9fc2da09aa9c2e76725985c836f7b8ba5e0b69a9327fb911e8265b340b88c"
 score = 75
 quality = 28
@@ -116769,8 +117002,8 @@ private rule ESET_Potaousb_PRIVATE
 date = "2015-07-30"
 modified = "2015-07-30"
 reference = "https://github.com/eset/malware-ioc"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/potao/PotaoNew.yara#L71-L80"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/potao/PotaoNew.yara#L71-L80"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "8f72afbf3b123ea3914b3eade267bd21f7435fbf9fbde4049ca2600513bb31d9"
 score = 75
 quality = 28
@@ -116793,8 +117026,8 @@ private rule ESET_Potaodll_PRIVATE
 date = "2015-07-30"
 modified = "2015-07-30"
 reference = "https://github.com/eset/malware-ioc"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/potao/PotaoNew.yara#L46-L70"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/potao/PotaoNew.yara#L46-L70"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "1d1154eb10cc70b3252e3ca4a85789e8605f2f3b7044f03ec960fd56ab81886a"
 score = 75
 quality = 28
@@ -116831,8 +117064,8 @@ private rule ESET_Potaodecoy_PRIVATE
 date = "2015-07-30"
 modified = "2015-07-30"
 reference = "https://github.com/eset/malware-ioc"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/potao/PotaoNew.yara#L32-L45"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/potao/PotaoNew.yara#L32-L45"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "93cbe1d1545d1fb85b3218b68619e67a1dda80d5888d2685a04915b861dfce01"
 score = 75
 quality = 28
@@ -116861,8 +117094,8 @@ private rule ESET_Invisimole_Blob_PRIVATE
 date = "2021-05-17"
 modified = "2021-05-17"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/invisimole/invisimole.yar#L34-L52"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/invisimole/invisimole.yar#L34-L52"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "8bddaf874da58fbe6362498f8979b511f39531fe2b98d4be8c099bdafb6d0067"
 score = 75
 quality = 80
@@ -116890,8 +117123,8 @@ private rule ESET_Not_Ms_PRIVATE
 date = "2018-09-05"
 modified = "2018-09-05"
 reference = "https://github.com/eset/malware-ioc"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/turla/turla-outlook.yar#L34-L40"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/turla/turla-outlook.yar#L34-L40"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "71f492eaa80bee5e8cc5bec67b2a7fd6f5f71ee2594d9f531043747533c80443"
 score = 75
 quality = 80
@@ -116909,8 +117142,8 @@ private rule ESET_Prikormkaearlyversion_PRIVATE
 date = "2019-08-28"
 modified = "2019-08-28"
 reference = "https://github.com/eset/malware-ioc"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/groundbait/prikormka.yar#L112-L128"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/groundbait/prikormka.yar#L112-L128"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "681c7fb322953da162c10b76e453aa8ace6673720012383e3cd5528b59b42de3"
 score = 75
 quality = 28
@@ -116940,8 +117173,8 @@ private rule ESET_Prikormkamodule_PRIVATE
 date = "2019-08-28"
 modified = "2019-08-28"
 reference = "https://github.com/eset/malware-ioc"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/groundbait/prikormka.yar#L53-L110"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/groundbait/prikormka.yar#L53-L110"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "d5d7f1a46cbf9ff545c0fa840228d19ee7d45307078b4ae0b5a2fdf1c94d2978"
 score = 75
 quality = 26
@@ -116996,8 +117229,8 @@ private rule ESET_Prikormkadropper_PRIVATE
 date = "2019-08-28"
 modified = "2019-08-28"
 reference = "https://github.com/eset/malware-ioc"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/groundbait/prikormka.yar#L33-L51"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/groundbait/prikormka.yar#L33-L51"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "cf524cdf4ffeb5c9280c5c8e7fca524c41e1ce4f9bc46b1fc8cb8b50ea68ec39"
 score = 75
 quality = 28
@@ -117029,8 +117262,8 @@ private rule ESET_IIS_Native_Module_PRIVATE : FILE
 date = "2021-08-04"
 modified = "2021-08-04"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L34-L92"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/badiis/badiis.yar#L34-L92"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "5a388dc3253df606e2648d1f9c018e6dde373bbddce66dba69b7aecdd95bac18"
 score = 75
 quality = 55
@@ -117098,8 +117331,8 @@ private rule ESET_Apachemodule_PRIVATE
 date = "2024-04-27"
 modified = "2024-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/windigo/helimod.yar#L3-L30"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/windigo/helimod.yar#L3-L30"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 hash = "e39667aa137e315bc26eaef791ccab52938fd809"
 logic_hash = "213fe381aa0bf9f148e488f7af74ac63073776c2868e42d2dcca7fdbca55fabb"
 score = 75
@@ -117123,8 +117356,8 @@ rule ESET_Dino
 date = "2015-07-14"
 modified = "2015-08-17"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/animalfarm/animalfarm.yar#L73-L96"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/animalfarm/animalfarm.yar#L73-L96"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "898e527eb8b05050135dee7cbe974100710a1a3a6a5cb8eb03563ee1c0aca01f"
 score = 75
 quality = 80
@@ -117158,8 +117391,8 @@ rule ESET_Richheaders_Lazarus_Nukesped_Iconicpayloads_3CX_Q12023
 date = "2023-03-31"
 modified = "2023-04-19"
 reference = "https://github.com/eset/malware-ioc"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/nukesped_lazarus/rich_headers_IconicPayloads_3CX.yar#L6-L23"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/nukesped_lazarus/rich_headers_IconicPayloads_3CX.yar#L6-L23"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 hash = "3b88cda62cdd918b62ef5aa8c5a73a46f176d18b"
 hash = "cad1120d91b812acafef7175f949dd1b09c6c21a"
 hash = "5b03294b72c0caa5fb20e7817002c600645eb475"
@@ -117181,8 +117414,8 @@ rule ESET_Onimiki : LINUX_ONIMIKI
 date = "2014-02-06"
 modified = "2014-04-04"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/windigo/windigo-onimiki.yar#L32-L59"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/windigo/windigo-onimiki.yar#L32-L59"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "eac30f5c9a9606d1d0e14c55e0532c54976fbb0d2e4f5cd2d9f719b77e07161a"
 score = 75
 quality = 80
@@ -117217,8 +117450,8 @@ rule ESET_Helimodproxy
 date = "2024-04-27"
 modified = "2024-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/windigo/helimod.yar#L32-L54"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/windigo/helimod.yar#L32-L54"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 hash = "e39667aa137e315bc26eaef791ccab52938fd809"
 logic_hash = "9e3d57add1042eff41b42f0c8d46ed37af4092d5af4d4b2088b07992a4649bc2"
 score = 75
@@ -117248,8 +117481,8 @@ rule ESET_Helimodredirect
 date = "2024-04-27"
 modified = "2024-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/windigo/helimod.yar#L56-L79"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/windigo/helimod.yar#L56-L79"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 hash = "e39667aa137e315bc26eaef791ccab52938fd809"
 logic_hash = "1a85cae7ee354e5d96e88781b4e0a49757016d8b64dfb80c07a13b36bf9091e2"
 score = 75
@@ -117275,19 +117508,19 @@ rule ESET_Helimodsteal
 meta:
 description = "HelimodSteal malicious Apache module"
 author = "ESET, spol. s r.o."
- id = "0c174106-324b-50db-bfce-46cf00df337e"
+ id = "7b080f21-d6e3-5dda-bfd9-fb9d82fbb98e"
 date = "2024-04-27"
 modified = "2024-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/windigo/helimod.yar#L81-L105"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/windigo/helimod.yar#L81-L105"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 hash = "e39667aa137e315bc26eaef791ccab52938fd809"
- logic_hash = "b94999350300f433f69b77042c641906500b155050f4fdc4bb47bde81dd2bb35"
+ logic_hash = "9c0a5842dc986fec667fc7d7ad9d0c63b89b4a5ec87c9c9b72574ca5b15df928"
 score = 75
 quality = 80
 tags = ""
 license = "BSD 2-Clause"
- version = 1
+ version = 2
 strings:
 $h1 = "secret\x00%s:%"
@@ -117295,7 +117528,7 @@ rule ESET_Helimodsteal
 $h3 = "mod_security2.c"
 $s1 = "p0sT5n1F3r"
 $s2 = "ENGINE_ON"
- $s3 = "POST "
+ $s3 = "POST /"
 condition:
 ESET_Apachemodule_PRIVATE and any of ($h*) and any of ($s*)
@@ -117311,8 +117544,8 @@ rule ESET_Libkeyutils_With_Ctor
 date = "2024-02-01"
 modified = "2024-04-29"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/windigo/ebury.yar#L3-L54"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/windigo/ebury.yar#L3-L54"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 hash = "e7debd6e453192ad8376db5bab03ed0d87566591"
 logic_hash = "c6172aebc67a05fb044b0450aafcc71c7d1fd2831985587d1a9ad53f59e14214"
 score = 75
@@ -117338,8 +117571,8 @@ rule ESET_Ebury_V1_7_Crypto
 date = "2023-08-01"
 modified = "2024-04-29"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/windigo/ebury.yar#L56-L97"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/windigo/ebury.yar#L56-L97"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 hash = "e7debd6e453192ad8376db5bab03ed0d87566591"
 logic_hash = "41908951069a472d7528f2f228f3681f008d16a0436e341d339909efc4933e66"
 score = 75
@@ -117386,8 +117619,8 @@ rule ESET_IIS_Group02
 date = "2021-08-04"
 modified = "2021-08-04"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L134-L155"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/badiis/badiis.yar#L134-L155"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "3fa2b8fed3c580f446b55412a920a5cfed2317b06aa93d059e9f89fdbec8f683"
 score = 75
 quality = 76
@@ -117417,8 +117650,8 @@ rule ESET_IIS_Group03
 date = "2021-08-04"
 modified = "2021-08-04"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L157-L176"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/badiis/badiis.yar#L157-L176"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "d811c2ac610780bf968e86e8fd302cffc9434902e547399d06fdeb30d1719f51"
 score = 75
 quality = 80
@@ -117446,8 +117679,8 @@ rule ESET_IIS_Group04_Rgdoor
 date = "2021-08-04"
 modified = "2021-08-04"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L178-L199"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/badiis/badiis.yar#L178-L199"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "be615dc0cc8bf0fd52cc5a88a3759c1cb1cd18703de74d16f5cce3eabccf91c6"
 score = 75
 quality = 80
@@ -117476,8 +117709,8 @@ rule ESET_IIS_Group05_Iistealer
 date = "2021-08-04"
 modified = "2021-08-04"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L201-L232"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/badiis/badiis.yar#L201-L232"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "5dff445121fda59df805d6fcb5db3f8f8e52a6e63e2da2a6875f8c9ad9cafc72"
 score = 75
 quality = 80
@@ -117513,8 +117746,8 @@ rule ESET_IIS_Group06_ISN
 date = "2021-08-04"
 modified = "2021-08-04"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L234-L259"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/badiis/badiis.yar#L234-L259"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "2f59034a642a9b92fc88922433cd5923be02332159cba5e16d99d9523ed43205"
 score = 75
 quality = 80
@@ -117547,8 +117780,8 @@ rule ESET_IIS_Group07_Iispy
 date = "2021-08-04"
 modified = "2021-08-04"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L261-L296"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/badiis/badiis.yar#L261-L296"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "ec5db5f36d06f9b0bdfe598fc72431da35afc1473dcc29f437a0f48ea9835a03"
 score = 75
 quality = 80
@@ -117587,8 +117820,8 @@ rule ESET_IIS_Group08
 date = "2021-08-04"
 modified = "2021-08-04"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L298-L337"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/badiis/badiis.yar#L298-L337"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "d5826d454d25ecbbb5da464da974023a247517d873cf10dc0eafa91e185451da"
 score = 75
 quality = 53
@@ -117635,8 +117868,8 @@ rule ESET_IIS_Group09
 date = "2021-08-04"
 modified = "2021-08-04"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L339-L387"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/badiis/badiis.yar#L339-L387"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "5f89f9488221b8db8d493b3c23b7f5edd957c15511148eca890558886c128192"
 score = 75
 quality = 76
@@ -117691,8 +117924,8 @@ rule ESET_IIS_Group10
 date = "2021-08-04"
 modified = "2021-08-04"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L389-L423"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/badiis/badiis.yar#L389-L423"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "48701168d7da726222227ef757f1a4005a49c0bf300123319ce03db09445b3ef"
 score = 75
 quality = 80
@@ -117734,8 +117967,8 @@ rule ESET_IIS_Group11
 date = "2021-08-04"
 modified = "2021-08-04"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L425-L455"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/badiis/badiis.yar#L425-L455"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "a67b6b49b5fc2c7f260c06201c59478f5472de63091c510af82d526c410abb0c"
 score = 75
 quality = 80
@@ -117766,8 +117999,8 @@ rule ESET_IIS_Group12
 date = "2021-08-04"
 modified = "2021-08-04"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L457-L495"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/badiis/badiis.yar#L457-L495"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "8da03328e3702aff8ea5de77fc220f326030c31972d27c0bd9b5918dca550aba"
 score = 75
 quality = 78
@@ -117812,8 +118045,8 @@ rule ESET_IIS_Group13_Iiserpent
 date = "2021-08-04"
 modified = "2021-08-04"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L497-L523"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/badiis/badiis.yar#L497-L523"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "7077b842c53ee1581ad4150cdfaac3502bfc0fbd3b823190ad648e09f36e442d"
 score = 75
 quality = 80
@@ -117848,8 +118081,8 @@ rule ESET_IIS_Group14
 date = "2021-08-04"
 modified = "2021-08-04"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/badiis/badiis.yar#L525-L552"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/badiis/badiis.yar#L525-L552"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "ef10a4dfb1a9164533677416a7c9ada715ce10bfc1e5f92b56cf54bd890d4575"
 score = 75
 quality = 80
@@ -117881,8 +118114,8 @@ rule ESET_Prikormka
 date = "2016-05-10"
 modified = "2019-08-28"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/groundbait/prikormka.yar#L130-L141"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/groundbait/prikormka.yar#L130-L141"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "f64195e680fbaefedba248aa15b37ed30ba72f42958cc48963a140165e951bff"
 score = 75
 quality = 80
@@ -117906,8 +118139,8 @@ rule ESET_Beds_Plugin
 date = "2017-07-17"
 modified = "2017-07-20"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/stantinko/stantinko.yar#L34-L51"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/stantinko/stantinko.yar#L34-L51"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "024cb91288f133e4cdf5993ac0477de6de76d38fa06f7affa348c6a28a4600da"
 score = 75
 quality = 80
@@ -117931,8 +118164,8 @@ rule ESET_Beds_Dropper
 date = "2017-07-17"
 modified = "2017-07-20"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/stantinko/stantinko.yar#L53-L67"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/stantinko/stantinko.yar#L53-L67"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "4b5d121e182e3fddd766a7a1227c5de273995e9336156e7a6e8a17faad681bea"
 score = 75
 quality = 80
@@ -117956,8 +118189,8 @@ rule ESET_Facebook_Bot : FILE
 date = "2017-07-17"
 modified = "2017-07-20"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/stantinko/stantinko.yar#L69-L100"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/stantinko/stantinko.yar#L69-L100"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "8ea779f90fa6080398403e3e6f9d342360c35e93c756ed43cb699f090106504e"
 score = 75
 quality = 55
@@ -117998,8 +118231,8 @@ rule ESET_Pds_Plugins : FILE
 date = "2017-07-17"
 modified = "2017-07-20"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/stantinko/stantinko.yar#L102-L130"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/stantinko/stantinko.yar#L102-L130"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "26bbd380b72fb45206178639d67c8737b9984b140ba1048432949e159946c847"
 score = 75
 quality = 80
@@ -118038,8 +118271,8 @@ rule ESET_Stantinko_Pdb
 date = "2017-07-17"
 modified = "2017-07-20"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/stantinko/stantinko.yar#L132-L148"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/stantinko/stantinko.yar#L132-L148"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "902c0ee086ce1a8def831d2f30c868165198c6c304faac3a93116a524f8e2fbf"
 score = 75
 quality = 80
@@ -118066,8 +118299,8 @@ rule ESET_Stantinko_Droppers : FILE
 date = "2017-07-17"
 modified = "2017-07-20"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/stantinko/stantinko.yar#L150-L170"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/stantinko/stantinko.yar#L150-L170"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "c56fc85834a3e1bb1c14da37fb509c7de3009bf81d52800fe0093dc489f6deaa"
 score = 75
 quality = 80
@@ -118095,8 +118328,8 @@ rule ESET_Stantinko_D3D
 date = "2017-07-17"
 modified = "2017-07-20"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/stantinko/stantinko.yar#L172-L187"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/stantinko/stantinko.yar#L172-L187"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "4e8da3f11df15e4aa469db62961ae390c4c4df2a5335eec0bdab19b14cc8343d"
 score = 75
 quality = 80
@@ -118120,8 +118353,8 @@ rule ESET_Stantinko_Ihctrl32
 date = "2017-07-17"
 modified = "2017-07-20"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/stantinko/stantinko.yar#L189-L209"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/stantinko/stantinko.yar#L189-L209"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "1829e08fb2289f738d0e75ad9977169e9a94379da764b1766f23fa47e8bc2543"
 score = 75
 quality = 80
@@ -118152,8 +118385,8 @@ rule ESET_Stantinko_Wsaudio
 date = "2017-07-17"
 modified = "2017-07-20"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/stantinko/stantinko.yar#L211-L233"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/stantinko/stantinko.yar#L211-L233"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "45d92f1475f316ba50a9a4a3dd519d1186ed16c68bd2debe326736a1e3154562"
 score = 75
 quality = 80
@@ -118183,8 +118416,8 @@ rule ESET_Stantinko_Ghstore
 date = "2017-07-17"
 modified = "2017-07-20"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/stantinko/stantinko.yar#L235-L255"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/stantinko/stantinko.yar#L235-L255"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "e5628d6ffb2d3684264b3a88c4d7b5d2ce8983aa22badf5839ccb8ba2e3ef2d4"
 score = 75
 quality = 80
@@ -118215,8 +118448,8 @@ rule ESET_Gazer_Certificate_Subject
 date = "2017-08-30"
 modified = "2017-08-29"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/turla/gazer.yar#L33-L46"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/turla/gazer.yar#L33-L46"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "6e870c9cdcee33769162de62ea143ff401af50b22a63d2f212c44d06f5771dec"
 score = 75
 quality = 80
@@ -118238,8 +118471,8 @@ rule ESET_Gazer_Certificate : FILE
 date = "2017-08-30"
 modified = "2017-08-29"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/turla/gazer.yar#L48-L65"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/turla/gazer.yar#L48-L65"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "eb3afbaefd23d4fc6ded494d3378dc910a0832b160e733ab79c590128dd74cea"
 score = 75
 quality = 80
@@ -118265,8 +118498,8 @@ rule ESET_Gazer_Logfile_Name : FILE
 date = "2017-08-30"
 modified = "2017-08-29"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/turla/gazer.yar#L67-L85"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/turla/gazer.yar#L67-L85"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "b50553f4b4b07f124e5bd390e7dc8ac6b60a8ef185f3bc227894f957d6483478"
 score = 75
 quality = 80
@@ -118293,8 +118526,8 @@ rule ESET_Turla_Outlook_Gen
 date = "2018-05-09"
 modified = "2018-09-05"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/turla/turla-outlook.yar#L42-L74"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/turla/turla-outlook.yar#L42-L74"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "f709e517e9d957775601670c426cc9def1c4104cb1ff647d269800d2af4372c7"
 score = 75
 quality = 78
@@ -118338,8 +118571,8 @@ rule ESET_Turla_Outlook_Filenames
 date = "2018-08-22"
 modified = "2018-09-05"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/turla/turla-outlook.yar#L76-L91"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/turla/turla-outlook.yar#L76-L91"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "3be86c9325de6634c032321beed131fdf1e1952afcb43258fb202d0097610501"
 score = 75
 quality = 80
@@ -118366,8 +118599,8 @@ rule ESET_Turla_Outlook_Log
 date = "2018-08-22"
 modified = "2018-09-05"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/turla/turla-outlook.yar#L93-L107"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/turla/turla-outlook.yar#L93-L107"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "e7dc00c33a643c0940aaea2096d099192b27df3c81c518f1dc2b3d45a0a74312"
 score = 75
 quality = 80
@@ -118392,8 +118625,8 @@ rule ESET_Turla_Outlook_Exports
 date = "2018-08-22"
 modified = "2018-09-05"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/turla/turla-outlook.yar#L109-L125"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/turla/turla-outlook.yar#L109-L125"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "a961fdb43ea1e99b308f55b8f5e264b1f3fa817eaf463d512e2ad8b98a18ee99"
 score = 75
 quality = 80
@@ -118415,8 +118648,8 @@ rule ESET_Generic_Carbon : FILE
 date = "2017-03-30"
 modified = "2017-03-30"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/turla/carbon.yar#L33-L51"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/turla/carbon.yar#L33-L51"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "6481ccafb7c7c78bc52d01881cb96f3aa6209fdd35e090bdc9d5f5105b4e38ea"
 score = 75
 quality = 80
@@ -118443,8 +118676,8 @@ rule ESET_Carbon_Metadata
 date = "2017-03-30"
 modified = "2017-03-30"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/turla/carbon.yar#L53-L69"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/turla/carbon.yar#L53-L69"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "81b59e9566f3b3356acf12dadb80abdcbee28e0b1a9efead66fcb95bf6fc1aa5"
 score = 75
 quality = 80
@@ -118466,8 +118699,8 @@ rule ESET_Apt_Windows_Invisimole_Logs : FILE
 date = "2021-05-17"
 modified = "2021-05-17"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/invisimole/invisimole.yar#L54-L77"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/invisimole/invisimole.yar#L54-L77"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "d42423ccc768f1823c76d5cb2aec26434c796fc35bd4e2fbf435fcf7997d3ff0"
 score = 75
 quality = 80
@@ -118489,8 +118722,8 @@ rule ESET_Apt_Windows_Invisimole_SFX_Dropper : FILE
 date = "2021-05-17"
 modified = "2021-05-17"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/invisimole/invisimole.yar#L79-L95"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/invisimole/invisimole.yar#L79-L95"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "6ca248d42c1e889988e5931d80df071cb20e623fb0c4a208044cabe073f71ce4"
 score = 75
 quality = 80
@@ -118515,8 +118748,8 @@ rule ESET_Apt_Windows_Invisimole_CPL_Loader : FILE
 date = "2021-05-17"
 modified = "2021-05-17"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/invisimole/invisimole.yar#L97-L118"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/invisimole/invisimole.yar#L97-L118"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "cd5c19e14faa7fd3758b30193ccf2bed3692ad29d8216466523ca25d2abcfe88"
 score = 75
 quality = 80
@@ -118547,8 +118780,8 @@ rule ESET_Apt_Windows_Invisimole_Wrapper_DLL
 date = "2021-05-17"
 modified = "2021-05-17"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/invisimole/invisimole.yar#L120-L138"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/invisimole/invisimole.yar#L120-L138"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "156bc5bc7b0ed5c77a5a15e7799a3077d40150896476a60935cf21a9afe36856"
 score = 75
 quality = 80
@@ -118570,8 +118803,8 @@ rule ESET_Apt_Windows_Invisimole_DNS_Downloader : FILE
 date = "2021-05-17"
 modified = "2021-05-17"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/invisimole/invisimole.yar#L140-L170"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/invisimole/invisimole.yar#L140-L170"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "88d6ed7ec1331153d19afc18473a4be2b214ad8af29fcf7051a2a8e40e088231"
 score = 75
 quality = 80
@@ -118609,8 +118842,8 @@ rule ESET_Apt_Windows_Invisimole_RC2CL_Backdoor : FILE
 date = "2021-05-17"
 modified = "2021-05-17"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/invisimole/invisimole.yar#L172-L213"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/invisimole/invisimole.yar#L172-L213"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "c38550023515d33eaaf0669cc8b874bcfd09653a07c7edbf72e3344d1cf31541"
 score = 75
 quality = 78
@@ -118656,8 +118889,8 @@ rule ESET_Apt_Windows_Invisimole : FILE
 date = "2021-05-17"
 modified = "2021-05-17"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/invisimole/invisimole.yar#L215-L255"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/invisimole/invisimole.yar#L215-L255"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "7a2cff9febe77d718089ba4e1a33f3487594588892e418cec685bf22b156fa2b"
 score = 75
 quality = 80
@@ -118690,8 +118923,8 @@ rule ESET_Apt_Windows_Invisimole_C2 : FILE
 date = "2021-05-17"
 modified = "2021-05-17"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/invisimole/invisimole.yar#L257-L297"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/invisimole/invisimole.yar#L257-L297"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "aff8456ce7a9ebe875c02e51c09b77ee7b1fddfc11d4ad236e12c8c5240a01a8"
 score = 75
 quality = 78
@@ -118740,8 +118973,8 @@ rule ESET_Apt_Windows_TA410_Tendyron_Dropper
 date = "2020-12-09"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L34-L53"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/ta410/ta410.yar#L34-L53"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "45f7300a4b85624ad3fda5c73a24f53f53cb7990def4d84e04dcd8e5747f4f2e"
 score = 75
 quality = 80
@@ -118771,8 +119004,8 @@ rule ESET_Apt_Windows_TA410_Tendyron_Installer
 date = "2020-12-09"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L55-L73"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/ta410/ta410.yar#L55-L73"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "9c3afb924747614f27c31cf2c3d98f4932a9d11597a3ac94263bf93be02801da"
 score = 75
 quality = 80
@@ -118801,8 +119034,8 @@ rule ESET_Apt_Windows_TA410_Tendyron_Downloader
 date = "2020-12-09"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L75-L107"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/ta410/ta410.yar#L75-L107"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "16030a78ae9af8783f5913644294ceff861c8264ead8ca99435032be6d7949ef"
 score = 75
 quality = 80
@@ -118836,8 +119069,8 @@ rule ESET_Apt_Windows_TA410_X4_Strings
 date = "2020-10-09"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L109-L125"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/ta410/ta410.yar#L109-L125"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "d4b2321a6d0eb0ca8d7c47596af2a45c22b3aef15d1832d64d6588a62cab312a"
 score = 75
 quality = 74
@@ -118864,8 +119097,8 @@ rule ESET_Apt_Windows_TA410_X4_Hash_Values : FILE
 date = "2020-10-09"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L127-L149"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/ta410/ta410.yar#L127-L149"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "bcf3891ff888ca99af9aa0e239b29241ae819022607fb829c5731267add308ea"
 score = 75
 quality = 80
@@ -118897,8 +119130,8 @@ rule ESET_Apt_Windows_TA410_X4_Hash_Fct : FILE
 date = "2020-10-09"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L151-L187"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/ta410/ta410.yar#L151-L187"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "3b2d44cb7685a99e9aeb08f886f6876d43ee99d1e52e40705c3fa97ce3bfa9a0"
 score = 75
 quality = 80
@@ -118932,8 +119165,8 @@ rule ESET_Apt_Windows_TA410_Lookback_Decryption : FILE
 date = "2021-10-12"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L189-L254"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/ta410/ta410.yar#L189-L254"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "016dca6be654fcd193acc481e6a998efbb77e7ebd09b26614422be1136dd02c0"
 score = 75
 quality = 80
@@ -119009,8 +119242,8 @@ rule ESET_Apt_Windows_TA410_Lookback_Loader : FILE
 date = "2021-10-12"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L256-L309"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/ta410/ta410.yar#L256-L309"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "98390dd664227ad747e5572771d12e7ebd2475d26db27e85508347ac6f44f3bf"
 score = 75
 quality = 80
@@ -119074,8 +119307,8 @@ rule ESET_Apt_Windows_TA410_Lookback_Strings : FILE
 date = "2021-10-12"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L311-L331"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/ta410/ta410.yar#L311-L331"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "d17ed604e3691c20fe489f95197b7b802ec951ed13d538fa6643449485b326b2"
 score = 75
 quality = 80
@@ -119105,8 +119338,8 @@ rule ESET_Apt_Windows_TA410_Lookback_HTTP : FILE
 date = "2021-10-12"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L333-L349"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/ta410/ta410.yar#L333-L349"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "0e777f56136cd11d62abdf4f120410d5fe9cd522cfc06afbf085414a96279bf7"
 score = 75
 quality = 80
@@ -119132,8 +119365,8 @@ rule ESET_Apt_Windows_TA410_Lookback_Magic : FILE
 date = "2021-10-12"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L351-L377"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/ta410/ta410.yar#L351-L377"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "442a08a77fd2db03e507c0d5a32b17ab4e5936a209f7af23ef3c33a4b9f3d0d5"
 score = 75
 quality = 80
@@ -119169,8 +119402,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Loader_Strings : FILE
 date = "2021-10-12"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L379-L415"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/ta410/ta410.yar#L379-L415"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "3c90723e009ffe2603910566ac52a324256676ee3ff128d94427681010e10e8b"
 score = 75
 quality = 78
@@ -119213,11 +119446,11 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Header_Decryption : FILE
 description = "Matches the function used to decrypt resources headers in TA410 FlowCloud"
 author = "ESET Research"
 id = "403c1845-bc25-5a49-8553-8a0be18d6970"
- date = "2024-01-30"
+ date = "2024-01-07"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L417-L496"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/ta410/ta410.yar#L417-L496"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "74b6c42bf2de159b2b0a15637e6bd94069367e3000c887714d6e3b50aa3646be"
 score = 75
 quality = 80
@@ -119273,8 +119506,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Dll_Hijacking_Strings : FILE
 date = "2021-10-12"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L498-L517"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/ta410/ta410.yar#L498-L517"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "e8082d4216364a12ba395f772b5caed94b3068d26a2b3a97ef711d61a82f65b3"
 score = 75
 quality = 80
@@ -119304,8 +119537,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Malicious_Dll_Antianalysis : FILE
 date = "2021-10-12"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L519-L552"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/ta410/ta410.yar#L519-L552"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "8f14352118d32a43c17f70bd753acc48bd314965f10ab97818e8a434bbda96d9"
 score = 75
 quality = 80
@@ -119339,8 +119572,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Pdb : FILE
 date = "2021-10-12"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L554-L567"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/ta410/ta410.yar#L554-L567"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "ff95ab0f8e68efe612a6e0d70cebd8bf815d6b5e3877c098ac0761382dc310d6"
 score = 75
 quality = 80
@@ -119362,8 +119595,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Shellcode_Decryption : FILE
 date = "2021-10-12"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L569-L615"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/ta410/ta410.yar#L569-L615"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "939ffe6a41c957aa5d6c012484b2deab49a5e71a4b7e203a41c180f872803921"
 score = 75
 quality = 80
@@ -119403,8 +119636,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Fcclient_Strings : FILE
 date = "2021-10-12"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L617-L639"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/ta410/ta410.yar#L617-L639"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "c05b7031a5aec1bcf29eca06c010c402edeb24a093a2043dbc21781dff22c7fe"
 score = 75
 quality = 80
@@ -119436,8 +119669,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Fcclientdll_Strings : FILE
 date = "2021-10-12"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L641-L669"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/ta410/ta410.yar#L641-L669"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "3a93f58cf14b57a96157077ec14aa6fb181e3da80f4ba46c0379a58b67c08a0e"
 score = 75
 quality = 80
@@ -119475,8 +119708,8 @@ rule ESET_Apt_Windows_TA410_Rootkit_Strings : FILE
 date = "2021-10-12"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L671-L697"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/ta410/ta410.yar#L671-L697"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "1d3ad63508c5e4bca32b9a44b738cb4a7384ccfa5704ce329260adb342ea4e60"
 score = 75
 quality = 80
@@ -119512,8 +119745,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_V5_Resources : FILE
 date = "2021-10-12"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L699-L720"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/ta410/ta410.yar#L699-L720"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "58f75dda53c6d4b3d88f464c452d855ac6dc88add5f4fba2641f52e7a1ae00ed"
 score = 75
 quality = 80
@@ -119535,8 +119768,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_V4_Resources : FILE
 date = "2021-10-12"
 modified = "2022-04-27"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/ta410/ta410.yar#L722-L741"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/ta410/ta410.yar#L722-L741"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "7b475cfddb5f995f7e8e3293b8e6ae59a9e36143998bc444499b5dce467f8e9d"
 score = 75
 quality = 80
@@ -119556,8 +119789,8 @@ rule ESET_Potao
 date = "2015-07-29"
 modified = "2015-07-30"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/potao/PotaoNew.yara#L96-L108"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/potao/PotaoNew.yara#L96-L108"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "c68addb14f7c22cec0c4d58bfffd373b2e3eb5c53a5b65532c84574e073fcbba"
 score = 75
 quality = 80
@@ -119579,8 +119812,8 @@ rule ESET_Kobalos
 date = "2020-11-02"
 modified = "2021-02-01"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/kobalos/kobalos.yar#L32-L56"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/kobalos/kobalos.yar#L32-L56"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "9161d22f9fbb1700dc3121e32104240e34512cb280aaf950aec61513f89061ef"
 score = 75
 quality = 80
@@ -119611,8 +119844,8 @@ rule ESET_Kobalos_Ssh_Credential_Stealer
 date = "2020-11-02"
 modified = "2021-02-01"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/kobalos/kobalos.yar#L58-L73"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/kobalos/kobalos.yar#L58-L73"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "be238f5c2cc976a5638584a8c0fc580f2076735aadfe374e8d4162ba723bce10"
 score = 75
 quality = 80
@@ -119635,8 +119868,8 @@ rule ESET_Keydnap_Downloader
 date = "2016-07-06"
 modified = "2016-07-06"
 reference = "http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-is-hungry-for-credentials"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/keydnap/keydnap.yar#L33-L49"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/keydnap/keydnap.yar#L33-L49"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "71c8885193a92fa9c71055c37e629a54d50070cf6820b9216a824ecc4db2ce3c"
 score = 75
 quality = 80
@@ -119660,8 +119893,8 @@ rule ESET_Keydnap_Backdoor_Packer
 date = "2016-07-06"
 modified = "2016-07-06"
 reference = "http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-is-hungry-for-credentials"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/keydnap/keydnap.yar#L51-L67"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/keydnap/keydnap.yar#L51-L67"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "b1740bf38376be81d3b42306c2ce81f578c0b5c9db804f063836bf98f57ed147"
 score = 75
 quality = 80
@@ -119685,8 +119918,8 @@ rule ESET_Keydnap_Backdoor
 date = "2016-07-06"
 modified = "2016-07-06"
 reference = "http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-is-hungry-for-credentials"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/keydnap/keydnap.yar#L69-L86"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/keydnap/keydnap.yar#L69-L86"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "fa209577a562ef9088d3ad3df3fbc0edda96f09d19177842f0ddea42c658f530"
 score = 75
 quality = 80
@@ -119712,8 +119945,8 @@ rule ESET_Mozi_Killswitch : FILE
 date = "2023-09-29"
 modified = "2023-10-31"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/mozi/mozi.yar#L32-L51"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/mozi/mozi.yar#L32-L51"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "90eaed2f7f5595b145b2678a46ef6179082192215369fa9235024b0ce1574a49"
 score = 75
 quality = 80
@@ -119739,8 +119972,8 @@ rule ESET_Mumblehard_Packer
 date = "2015-04-07"
 modified = "2015-05-01"
 reference = "http://www.welivesecurity.com"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/mumblehard/mumblehard_packer.yar#L32-L47"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/mumblehard/mumblehard_packer.yar#L32-L47"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "a04f50a7054c4ce8ad9be4e7f3373ad4f36eb9443e223601974e852c25603f5f"
 score = 75
 quality = 80
@@ -119766,8 +119999,8 @@ rule ESET_Sparklinggoblin_Chacha20Loader_Richheader
 date = "2021-03-30"
 modified = "2021-08-26"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/sparklinggoblin/SparklingGoblin.yar#L33-L57"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/sparklinggoblin/SparklingGoblin.yar#L33-L57"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 hash = "09ffe37a54bc4ebebd8d56098e4c76232f35d821"
 hash = "29b147b76bb0d9e09f7297487cb972e6a2905586"
 hash = "33f2c3de2457b758fc5824a2b253ad7c7c2e9e37"
@@ -119795,8 +120028,8 @@ rule ESET_Sparklinggoblin_Chacha20 : FILE
 date = "2021-05-20"
 modified = "2021-08-26"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/sparklinggoblin/SparklingGoblin.yar#L59-L368"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/sparklinggoblin/SparklingGoblin.yar#L59-L368"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 hash = "2edbea43f5c40c867e5b6bbd93cc972525df598b"
 hash = "b6d245d3d49b06645c0578804064ce0c072cbe0f"
 hash = "8be6d5f040d0085c62b1459afc627707b0de89cf"
@@ -120108,8 +120341,8 @@ rule ESET_Sparklinggoblin_Etweventwrite
 date = "2021-05-20"
 modified = "2021-08-26"
 reference = "https://github.com/eset/malware-ioc/"
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/sparklinggoblin/SparklingGoblin.yar#L370-L463"
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE"
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/sparklinggoblin/SparklingGoblin.yar#L370-L463"
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 hash = "2edbea43f5c40c867e5b6bbd93cc972525df598b"
 hash = "b6d245d3d49b06645c0578804064ce0c072cbe0f"
 hash = "8be6d5f040d0085c62b1459afc627707b0de89cf"
@@ -120206,8 +120439,8 @@ rule ESET_Sparklinggoblin_Mutex
 date = "2021-05-20"
 modified = "2021-08-26"
 reference = "https://github.com/eset/malware-ioc/" 
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/sparklinggoblin/SparklingGoblin.yar#L465-L489" 
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE" 
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/sparklinggoblin/SparklingGoblin.yar#L465-L489" 
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 hash = "2edbea43f5c40c867e5b6bbd93cc972525df598b"
 hash = "b6d245d3d49b06645c0578804064ce0c072cbe0f"
 hash = "8be6d5f040d0085c62b1459afc627707b0de89cf" 
@@ -120236,8 +120469,8 @@ rule ESET_Linux_Rakos
 date = "2016-12-13"
 modified = "2016-12-19"
 reference = "http://www.welivesecurity.com/2016/12/20/new-linuxrakos-threat-devices-servers-ssh-scan/" 
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/rakos/rakos.yar#L33-L53" 
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE" 
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/rakos/rakos.yar#L33-L53" 
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "79a02ada56bf75c5f178b58822eb905977cace3483453ea8cf4dfc32f6b6c30d"
 score = 75
 quality = 80 
@@ -120264,8 +120497,8 @@ rule ESET_Moose_1
 date = "2015-04-21"
 modified = "2016-11-01"
 reference = "https://github.com/eset/malware-ioc/" 
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/moose/linux-moose.yar#L41-L76" 
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE" 
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/moose/linux-moose.yar#L41-L76" 
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "8bedac80a1f754ce56294ba9786b62a002aacd074f756724401efc61def127e6"
 score = 75
 quality = 30 
@@ -120309,8 +120542,8 @@ rule ESET_Moose_2
 date = "2016-10-02"
 modified = "2016-11-01"
 reference = "http://www.welivesecurity.com/2016/11/02/linuxmoose-still-breathing/" 
- source_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/moose/linux-moose.yar#L78-L110" 
- license_url = "https://github.com/eset/malware-ioc/blob/3d18f6fe36ff39eddc204258096d65263da89de0/LICENSE" 
+ source_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/moose/linux-moose.yar#L78-L110" 
+ license_url = "https://github.com/eset/malware-ioc/blob/16506cf3a507e0efb3296ce5be1fa0d92c5d876c/LICENSE"
 logic_hash = "3f50d2d81d4c27e44d93804adcf93971017767ed0e020447cdb343931c2fbc43"
 score = 75
 quality = 80 
@@ -120347,7 +120580,7 @@ rule ESET_Moose_2
 * YARA Rule Set
 * Repository Name: FireEye-RT
 * Repository: https://github.com/mandiant/red_team_tool_countermeasures/ 
- * Retrieval Date: 2024-06-30 
+ * Retrieval Date: 2024-07-07
 * Git Commit: 3561b71724dbfa3e2bb78106aaa2d7f8b892c43b
 * Number of Rules: 168
 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance) 
@@ -125083,7 +125316,7 @@ rule FIREEYE_RT_Hacktool_MSIL_GETDOMAINPASSWORDPOLICY_1 : FILE
 * YARA Rule Set
 * Repository Name: GCTI
 * Repository: https://github.com/chronicle/GCTI 
- * Retrieval Date: 2024-06-30 
+ * Retrieval Date: 2024-07-07
 * Git Commit: 1c5fd42b1895098527fde00c2d9757edf6b303bb
 * Number of Rules: 90
 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance) 
@@ -128300,7 +128533,7 @@ rule GCTI_Sliver_Implant_32Bit
 * YARA Rule Set
 * Repository Name: Malpedia
 * Repository: https://github.com/malpedia/signator-rules/ 
- * Retrieval Date: 2024-06-30 
+ * Retrieval Date: 2024-07-07
 * Git Commit: fbacfc09b84d53d410385e66a8e56f25016c588a
 * Number of Rules: 1382
 * Skipped: 0 (age), 15 (quality), 0 (score), 0 (importance) 
@@ -185778,7 +186011,7 @@ rule MALPEDIA_Win_Getmail_Auto : FILE
 * YARA Rule Set
 * Repository Name: Trellix ARC
 * Repository: https://github.com/advanced-threat-research/Yara-Rules/ 
- * Retrieval Date: 2024-06-30 
+ * Retrieval Date: 2024-07-07
 * Git Commit: fc51a3fe3b450838614a5a5aa327c6bd8689cbb2
 * Number of Rules: 162
 * Skipped: 0 (age), 5 (quality), 0 (score), 0 (importance) 
@@ -188641,7 +188874,7 @@ rule TRELLIX_ARC_Sodinokobi : RANSOMWARE
 description = "This rule detect Sodinokobi Ransomware in memory in old samples and perhaps future."
 author = "McAfee ATR team"
 id = "dd05ce31-9699-50a9-944c-5883340791af" 
- date = "2024-06-01" 
+ date = "2024-07-01"
 modified = "2020-08-14"
 reference = "https://github.com/advanced-threat-research/Yara-Rules/"
 source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/fc51a3fe3b450838614a5a5aa327c6bd8689cbb2/ransomware/RANSOM_Sodinokibi.yar#L33-L54" 
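Review bot: The new `date = "2024-07-01"` in the TRELLIX_ARC_Sodinokobi meta block now postdates `modified = "2020-08-14"`, and the same month-by-month rewrite appears in the Cryptonar, Badrabbit, Megacortex, Black_Kingdom, Malw_Eicar, Nionspy, Rietspoof, Shifu, Msworldexploit and Rovnix hunks that follow. A `date` that moves on every retrieval cannot be a creation date; it looks like the generator synthesizes it from the retrieval month when the upstream rule carries none, which would make a consumer sorting or ageing rules by `date` treat these 2020 rules as brand new. Since this file is vendored YARAForge output, the fix belongs in the generator: omit `date` when upstream has none, or derive it from `modified` (e.g. `date = "2020-08-14"`), rather than stamping the retrieval month. The rule bodies start and end outside these hunks.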
@@ -189388,7 +189621,7 @@ rule TRELLIX_ARC_Cryptonar_Ransomware : RANSOMWARE FILE
 description = "Rule to detect CryptoNar Ransomware"
 author = "Marc Rivero | McAfee ATR Team"
 id = "0911250f-fc1f-58bc-ac09-d77d2a2ed3ce" 
- date = "2024-06-01" 
+ date = "2024-07-01"
 modified = "2020-08-14"
 reference = "https://www.bleepingcomputer.com/news/security/cryptonar-ransomware-discovered-and-quickly-decrypted/"
 source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/fc51a3fe3b450838614a5a5aa327c6bd8689cbb2/ransomware/RANSOM_CryptoNar.yar#L1-L36" 
@@ -189632,7 +189865,7 @@ rule TRELLIX_ARC_Badrabbit_Ransomware : RANSOMWARE FILE
 description = "Rule to detect Bad Rabbit Ransomware"
 author = "Marc Rivero | McAfee ATR Team"
 id = "d6e78c14-0913-5eed-be15-a6d1a8cd1a8d" 
- date = "2024-06-01" 
+ date = "2024-07-01"
 modified = "2020-08-14"
 reference = "https://securelist.com/bad-rabbit-ransomware/82851/"
 source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/fc51a3fe3b450838614a5a5aa327c6bd8689cbb2/ransomware/RANSOM_BadRabbit.yar#L49-L101" 
@@ -189972,7 +190205,7 @@ rule TRELLIX_ARC_Megacortex_Signed : RANSOMWARE FILE
 description = "Rule to detect MegaCortex samples digitally signed"
 author = "Marc Rivero | McAfee ATR Team"
 id = "78a74e30-4de0-5e63-8ca5-31251c296f98" 
- date = "2024-06-01" 
+ date = "2024-07-01"
 modified = "2020-08-14"
 reference = "https://blog.malwarebytes.com/detections/ransom-megacortex/"
 source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/fc51a3fe3b450838614a5a5aa327c6bd8689cbb2/ransomware/RANSOM_MegaCortex.yar#L3-L26" 
@@ -190270,7 +190503,7 @@ rule TRELLIX_ARC_Ransom_Black_Kingdom : RANSOMWARE FILE
 description = "Rule to detect Black Kingdom ransomware that is spread using the latest Exchange vulns"
 author = "McAfee ATR"
 id = "c38e6dbf-7fb9-52f0-acd0-f824647b6041" 
- date = "2024-06-01" 
+ date = "2024-07-01"
 modified = "2021-04-06"
 reference = "https://github.com/advanced-threat-research/Yara-Rules/"
 source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/fc51a3fe3b450838614a5a5aa327c6bd8689cbb2/ransomware/ransom_BlackKingDom.yar#L3-L49" 
@@ -190586,7 +190819,7 @@ rule TRELLIX_ARC_Malw_Eicar : EICAR
 description = "Rule to detect the EICAR pattern"
 author = "Marc Rivero | McAfee ATR Team"
 id = "16307b03-7fab-5d68-ad3b-0efcea952fcf" 
- date = "2024-06-01" 
+ date = "2024-07-01"
 modified = "2020-08-14"
 reference = "https://www.eicar.org/"
 source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/fc51a3fe3b450838614a5a5aa327c6bd8689cbb2/malware/MALW_Eicar.yar#L1-L22" 
@@ -190693,7 +190926,7 @@ rule TRELLIX_ARC_Nionspy : FILEINFECTOR FILE
 description = "Triggers on old and new variants of W32/NionSpy file infector"
 author = "Trellix ARC Team"
 id = "86051ef8-a18b-553c-b06c-490f8d6df5cf" 
- date = "2024-06-01" 
+ date = "2024-07-01"
 modified = "2020-08-14"
 reference = "https://blogs.mcafee.com/mcafee-labs/taking-a-close-look-at-data-stealing-nionspy-file-infector"
 source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/fc51a3fe3b450838614a5a5aa327c6bd8689cbb2/malware/MALW_NionSpy.yar#L1-L25" 
@@ -190935,7 +191168,7 @@ rule TRELLIX_ARC_Rietspoof_Loader : RANSOMWARE FILE
 description = "Rule to detect the Rietspoof loader"
 author = "Marc Rivero | McAfee ATR Team"
 id = "f306e381-e2ae-528e-937b-aced72356d77" 
- date = "2024-06-01" 
+ date = "2024-07-01"
 modified = "2020-08-14"
 reference = "https://blog.avast.com/rietspoof-malware-increases-activity"
 source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/fc51a3fe3b450838614a5a5aa327c6bd8689cbb2/malware/MALW_rietspoof_loader.yar#L1-L22" 
@@ -191304,7 +191537,7 @@ rule TRELLIX_ARC_Shifu : FINANCIAL
 description = "No description has been set in the source file - Trellix ARC"
 author = "McAfee Labs"
 id = "81e9ad25-1df0-5196-be8b-1d1d5d8e4387" 
- date = "2024-06-01" 
+ date = "2024-07-01"
 modified = "2020-08-14"
 reference = "https://blogs.mcafee.com/mcafee-labs/japanese-banking-trojan-shifu-combines-malware-tools/"
 source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/fc51a3fe3b450838614a5a5aa327c6bd8689cbb2/malware/MALW_Shifu.yar#L1-L24" 
@@ -191458,7 +191691,7 @@ rule TRELLIX_ARC_Msworldexploit_Builder_Doc : MALDOC FILE
 description = "Rule to detect RTF/Docs files created by MsWordExploit Builder"
 author = "Marc Rivero | McAfee ATR Team"
 id = "6c4c091b-5fce-583a-bc17-31830251892c" 
- date = "2024-06-01" 
+ date = "2024-07-01"
 modified = "2020-08-14"
 reference = "https://github.com/advanced-threat-research/Yara-Rules/"
 source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/fc51a3fe3b450838614a5a5aa327c6bd8689cbb2/malware/MALW_MsWordExploit_DOC.yar#L1-L24" 
@@ -191549,7 +191782,7 @@ rule TRELLIX_ARC_Rovnix_Downloader : DOWNLOADER
 description = "Rovnix downloader with sinkhole checks"
 author = "Intel Security"
 id = "d51f8f73-7a3a-5ccf-9122-86061b5399f1" 
- date = "2024-06-01" 
+ date = "2024-07-01"
 modified = "2020-08-14"
 reference = "https://blogs.mcafee.com/mcafee-labs/rovnix-downloader-sinkhole-time-checks/"
 source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/fc51a3fe3b450838614a5a5aa327c6bd8689cbb2/malware/MALW_Rovnix.yar#L1-L38" 
@@ -191695,7 +191928,7 @@ rule TRELLIX_ARC_Trojan_Coinminer : FILE
 * YARA Rule Set
 * Repository Name: Arkbird SOLG
 * Repository: https://github.com/StrangerealIntel/DailyIOC 
- * Retrieval Date: 2024-06-30 
+ * Retrieval Date: 2024-07-07
 * Git Commit: a873ff1298c43705e9c67286f3014f4300dd04f7
 * Number of Rules: 214
 * Skipped: 0 (age), 10 (quality), 0 (score), 0 (importance) 
@@ -198798,7 +199031,7 @@ rule ARKBIRD_SOLG_MAL_Stealer_Cookie_July_2020_1 : FILE
 * YARA Rule Set
 * Repository Name: Telekom Security
 * Repository: https://github.com/telekom-security/malware_analysis/ 
- * Retrieval Date: 2024-06-30 
+ * Retrieval Date: 2024-07-07
 * Git Commit: bf832d97e8fd292ec5e095e35bde992a6462e71c
 * Number of Rules: 12
 * Skipped: 0 (age), 5 (quality), 0 (score), 0 (importance) 
@@ -199166,7 +199399,7 @@ rule TELEKOM_SECURITY_Cn_Utf8_Windows_Terminal : CAPABILITY HACKTOOL
 * YARA Rule Set
 * Repository Name: Volexity
 * Repository: https://github.com/volexity/threat-intel 
- * Retrieval Date: 2024-06-30 
+ * Retrieval Date: 2024-07-07
 * Git Commit: cb213e6d64022494a2ae7a9e65dfbf254a99b144
 * Number of Rules: 82
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) 
@@ -201888,7 +202121,7 @@ rule VOLEXITY_Hacktool_Golang_Reversessh_Fahrj : FILE MEMORY
 * YARA Rule Set
 * Repository Name: JPCERTCC
 * Repository: https://github.com/JPCERTCC/MalConfScan/ 
- * Retrieval Date: 2024-06-30 
+ * Retrieval Date: 2024-07-07
 * Git Commit: 19ec0d145535a6a4cfd37c0960114f455a8c343e
 * Number of Rules: 30
 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance) 
@@ -202732,7 +202965,7 @@ rule JPCERTCC_Elf_Wellmess : FILE
 * YARA Rule Set
 * Repository Name: SecuInfra
 * Repository: https://github.com/SIFalcon/Detection 
- * Retrieval Date: 2024-06-30 
+ * Retrieval Date: 2024-07-07
 * Git Commit: 2d7c66d7d16c7541bf2a9a83a7a6d334364a26fd
 * Number of Rules: 45
 * Skipped: 0 (age), 11 (quality), 0 (score), 0 (importance) 
@@ -204047,7 +204280,7 @@ rule SECUINFRA_MAL_Redline_Certificate_Geforce : FILE
 * YARA Rule Set
 * Repository Name: RussianPanda
 * Repository: https://github.com/RussianPanda95/Yara-Rules 
- * Retrieval Date: 2024-06-30 
+ * Retrieval Date: 2024-07-07
 * Git Commit: c65f3c62711bf141e4eb926ffe3a9880e5331974
 * Number of Rules: 71
 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance) 
@@ -205922,7 +206155,7 @@ rule RUSSIANPANDA_Bandit_Stealer : FILE
 * YARA Rule Set
 * Repository Name: Check Point
 * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules 
- * Retrieval Date: 2024-06-30 
+ * Retrieval Date: 2024-07-07
 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
 * Number of Rules: 4
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) 
@@ -206136,7 +206369,7 @@ rule CHECK_POINT_Injector_ZZ_Dotrunpex : FILE
 * YARA Rule Set
 * Repository Name: Dragon Threat Labs
 * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules 
- * Retrieval Date: 2024-06-30 
+ * Retrieval Date: 2024-07-07
 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
 * Number of Rules: 7
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) 
@@ -206339,7 +206572,7 @@ rule DRAGON_THREAT_LABS_Apt_Win_Mocelpa
 * YARA Rule Set
 * Repository Name: Microsoft
 * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules 
- * Retrieval Date: 2024-06-30 
+ * Retrieval Date: 2024-07-07
 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
 * Number of Rules: 21
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) 
@@ -206943,7 +207176,7 @@ rule MICROSOFT_Devilstongue_Hijackdll : FILE
 * YARA Rule Set
 * Repository Name: NCSC
 * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules 
- * Retrieval Date: 2024-06-30 
+ * Retrieval Date: 2024-07-07
 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9
 * Number of Rules: 17
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) 
@@ -207414,7 +207647,7 @@ rule NCSC_Sparrowdoor_Sleep_Routine
 * YARA Rule Set
 * Repository Name: Dr4k0nia
 * Repository: https://github.com/dr4k0nia/yara-rules 
- * Retrieval Date: 2024-06-30 
+ * Retrieval Date: 2024-07-07
 * Git Commit: 4b10f9b79a4cfb3ec9cb5675f32cc7ee6885fbd8
 * Number of Rules: 5
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) 
@@ -207595,7 +207828,7 @@ rule DR4K0NIA_MAL_MSIL_NET_Typhonlogger_Jul23 : FILE
 * YARA Rule Set
 * Repository Name: EmbeeResearch
 * Repository: https://github.com/embee-research/Yara-detection-rules/ 
- * Retrieval Date: 2024-06-30 
+ * Retrieval Date: 2024-07-07
 * Git Commit: ac56d6f6fd2a30c8cb6e5c0455d6519210a8b0f4
 * Number of Rules: 39
 * Skipped: 0 (age), 8 (quality), 0 (score), 0 (importance) 
@@ -208688,7 +208921,7 @@ rule EMBEERESEARCH_Win_Gracewire_Loader_Dec_2022 : FILE
 * YARA Rule Set
 * Repository Name: AvastTI
 * Repository: https://github.com/avast/ioc 
- * Retrieval Date: 2024-06-30 
+ * Retrieval Date: 2024-07-07
 * Git Commit: 19245ea6066a04f15e0859899546f1378ef578cb
 * Number of Rules: 33
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) 
@@ -209551,7 +209784,7 @@ rule AVASTTI_Manjusaka_Payload_Mz
 * YARA Rule Set
 * Repository Name: SBousseaden
 * Repository: https://github.com/sbousseaden/YaraHunts/ 
- * Retrieval Date: 2024-06-30 
+ * Retrieval Date: 2024-07-07
 * Git Commit: 71b27a2a7c57c2aa1877a11d8933167794e2b4fb
 * Number of Rules: 36
 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance) 
@@ -210628,7 +210861,7 @@ rule SBOUSSEADEN_Hunt_Evtmutehook_Memory
 * YARA Rule Set
 * Repository Name: Elceef
 * Repository: https://github.com/elceef/yara-rulz 
- * Retrieval Date: 2024-06-30 
+ * Retrieval Date: 2024-07-07
 * Git Commit: 05834717d1464d5efce8ad9d688ff7b53886a0bb
 * Number of Rules: 17
 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance) 
@@ -211134,7 +211367,7 @@ rule ELCEEF_EICAR_Encrypted_ZIP
 * YARA Rule Set
 * Repository Name: GodModeRules
 * Repository: https://github.com/Neo23x0/god-mode-rules/ 
- * Retrieval Date: 2024-06-30 
+ * Retrieval Date: 2024-07-07
 * Git Commit: c6de81ded89d2727bec9e0f6ed490f6c8ab380f2
 * Number of Rules: 1
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) 
@@ -211405,7 +211638,7 @@ rule GODMODERULES_IDDQD_God_Mode_Rule
 * YARA Rule Set
 * Repository Name: Cod3nym
 * Repository: https://github.com/cod3nym/detection-rules/ 
- * Retrieval Date: 2024-06-30 
+ * Retrieval Date: 2024-07-07
 * Git Commit: ad485bff0ce30afb56e367b7f2b76fea81e78fc9
 * Number of Rules: 13
 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance) 
@@ -211864,9 +212097,9 @@ rule COD3NYM_MAL_NET_Limecrypter_Runpe_Jan24 : FILE
 * YARA Rule Set
 * Repository Name: craiu
 * Repository: https://github.com/craiu/yararules 
- * Retrieval Date: 2024-06-30 
- * Git Commit: 68bc7e129467d2c027f06918f28c3196e5c684a1 
- * Number of Rules: 10 
+ * Retrieval Date: 2024-07-07 
+ * Git Commit: 524091303c1b0066e1f469a34a9ac485491ba58e 
+ * Number of Rules: 12
 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance)
 *
 * 
@@ -212557,8 +212790,8 @@ rule CRAIU_Crime_Noabot : FILE
 date = "2024-01-11"
 modified = "2024-01-11"
 reference = "https://www.akamai.com/blog/security-research/mirai-based-noabot-crypto-mining" 
- source_url = "https://github.com/craiu/yararules/blob/68bc7e129467d2c027f06918f28c3196e5c684a1/files/crime_noabot.yara#L2-L57" 
- license_url = "https://github.com/craiu/yararules/blob/68bc7e129467d2c027f06918f28c3196e5c684a1/LICENSE" 
+ source_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/files/crime_noabot.yara#L2-L57" 
+ license_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/LICENSE"
 hash = "1603202a9115b83224233697f2ca1d36fef60113b94a73a15afed79a459aacc3"
 hash = "16a28951acfe78b81046bfedb0b489efb4c9d3d1d3b8475c39b93cd5105dc866"
 hash = "3da983ef3580a4b1b3b041cd991019b900f7995791c0acb32035ac5706085a63" 
@@ -212599,8 +212832,8 @@ rule CRAIU_Crime_Chaos_Ransomware_Gen : FILE
 date = "2024-05-27"
 modified = "2024-05-28"
 reference = "https://blog.sonicwall.com/en-us/2024/05/politically-charged-ransomware-weaponized-as-a-file-destroyer/" 
- source_url = "https://github.com/craiu/yararules/blob/68bc7e129467d2c027f06918f28c3196e5c684a1/files/crime_chaos_ransomware.yara#L2-L39" 
- license_url = "https://github.com/craiu/yararules/blob/68bc7e129467d2c027f06918f28c3196e5c684a1/LICENSE" 
+ source_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/files/crime_chaos_ransomware.yara#L2-L39" 
+ license_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/LICENSE"
 hash = "524a898e18999ceac864dbac5b85fa2f14392e389b3c32f77d58e2a89cdf01c4"
 logic_hash = "7d2e1c9178d5bf360cebc90056bbdae6a11729b1b3c5e963c522a29fd7ba7a3e"
 score = 75 
@@ -212626,6 +212859,36 @@ rule CRAIU_Crime_Chaos_Ransomware_Gen : FILE
 condition:
 ( filesize <9MB) and ( uint16(0)==0x5a4d) and ((3 of them ))
 } 
+rule CRAIU_Crime_Lockbit3_Ransomware : FILE 
+{ 
+ meta: 
+ description = "Generic LockBit detection, also catches the version used in attacks in Indonesia." 
+ author = "Costin G. Raiu, TLPBLACK, craiu@noh.ro" 
+ id = "167788a4-a610-5770-9f51-aa4cc4d3d350" 
+ date = "2024-07-03" 
+ modified = "2024-07-03" 
+ reference = "https://www.bleepingcomputer.com/news/security/meet-brain-cipher-the-new-ransomware-behind-indonesia-data-center-attack/" 
+ source_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/files/crime_lockbit3_ransomware.yara#L2-L32" 
+ license_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/LICENSE" 
+ hash = "eb82946fa0de261e92f8f60aa878c9fef9ebb34fdababa66995403b110118b12" 
+ hash = "6e07da23603fbe5b26755df5b8fec19cadf1f7001b1558ea4f12e20271263417" 
+ logic_hash = "84efb899315379d85a03959359f89fbcb97cbb6477f1ec439380a4d15fed4f53" 
+ score = 75 
+ quality = 85 
+ tags = "FILE" 
+ version = "1.1" 
+ 
+ strings: 
+ $a1 = {C3 8BFF53 51 6A0158 0FA2F7C1000000400F95C0 84C074090FC7F0 0FC7F2 59 5B C3 } 
+ $a2 = {C3 6A0758 33C90FA2F7C3000004000F95C0 84C074090FC7F8 0FC7FA 59 5B C3 } 
+ $a3 = {C3 0F31 8BC8 C1C90D 0F31 8BD0 C1C20D 8BC1 59 5B C3 } 
+ $a4 = {55 8BEC 51 52 56 33C0 8B550C 8B7508 AC 33C9 B930000000 8D0C4D01000000 02F1 2AF1 33C9 B906000000 8D0C4D01000000 D3CA 03D0 90 85C0} 
+ $a5 = {E9 ?? ?? ?? ?? 6683F841 720C 6683F846 7706 6683E837 EB26 6683F861 720C 6683F866 7706 6683E857 EB14 6683F830 720C 6683F839 7706 6683E830 EB} 
+ $a6 = {5D 8BC3 5F 5E 5B 5D C20C00 90 55 8BEC 53 56 57 33C0 8B5D14 33C9 33D2 8B750C 8B7D08 85F6 } 
+ 
+ condition: 
+ ( filesize <1MB) and ( uint16(0)==0x5a4d) and (2 of them ) 
+}
 rule CRAIU_Apt_ZZ_Orangeworm_Kwampirs_Dropperandmainpayload : KWAMPIRS
 {
 meta: 
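Review bot: The condition `(2 of them )` in the new CRAIU_Crime_Lockbit3_Ransomware rule can be satisfied by `$a1`, `$a2` and `$a3` alone, and those three look like small generic helper stubs (a cpuid feature test followed by rdrand in `$a1`/`$a2`, rdtsc in `$a3`) rather than anything specific to the family; if they come from a shared runtime or crypto library, any unrelated PE that links the same code would match. Before this ships in the bundled rule set it is worth running it against a clean PE corpus; if the three short stubs do co-occur in benign binaries, requiring one of the longer patterns, e.g. `( filesize <1MB) and ( uint16(0)==0x5a4d) and (2 of them ) and (1 of ($a4,$a5,$a6))`, would keep the intent while cutting that false-positive path. The `score = 75` meta suggests this rule is meant to alert rather than merely hunt, which makes the precision question more pressing. This file is vendored YARAForge output, so the change belongs upstream in craiu/yararules rather than in this commit.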
@@ -212635,8 +212898,8 @@ rule CRAIU_Apt_ZZ_Orangeworm_Kwampirs_Dropperandmainpayload : KWAMPIRS
 date = "2018-04-23"
 modified = "2020-03-31"
 reference = "https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia" 
- source_url = "https://github.com/craiu/yararules/blob/68bc7e129467d2c027f06918f28c3196e5c684a1/files/apt_zz_orangeworm.yara#L2-L80" 
- license_url = "https://github.com/craiu/yararules/blob/68bc7e129467d2c027f06918f28c3196e5c684a1/LICENSE" 
+ source_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/files/apt_zz_orangeworm.yara#L2-L80" 
+ license_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/LICENSE"
 logic_hash = "40e197f4278a2d14e8fe1359676558319e86728f7e61ddf612bcc894c311d53a"
 score = 75
 quality = 85 
@@ -212712,8 +212975,8 @@ rule CRAIU_Apt_ZZ_Orangeworm_Kwampirs_Shamoon_Code : FILE
 date = "2020-01-14"
 modified = "2020-03-31"
 reference = "https://assets.documentcloud.org/documents/6821582/FLASH-CP-000118-MW-Downgraded-Version.pdf" 
- source_url = "https://github.com/craiu/yararules/blob/68bc7e129467d2c027f06918f28c3196e5c684a1/files/apt_zz_orangeworm.yara#L85-L105" 
- license_url = "https://github.com/craiu/yararules/blob/68bc7e129467d2c027f06918f28c3196e5c684a1/LICENSE" 
+ source_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/files/apt_zz_orangeworm.yara#L85-L105" 
+ license_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/LICENSE"
 logic_hash = "5ab949280be87d242ad2843dee001eee5a338e266ef52da55883f7c77e66cf5b"
 score = 75
 quality = 85 
@@ -212739,8 +213002,8 @@ rule CRAIU_Apt_ZZ_Orangeworm_Kwampirs_Installer : FILE
 date = "2020-01-14"
 modified = "2020-03-31"
 reference = "https://assets.documentcloud.org/documents/6821582/FLASH-CP-000118-MW-Downgraded-Version.pdf" 
- source_url = "https://github.com/craiu/yararules/blob/68bc7e129467d2c027f06918f28c3196e5c684a1/files/apt_zz_orangeworm.yara#L109-L127" 
- license_url = "https://github.com/craiu/yararules/blob/68bc7e129467d2c027f06918f28c3196e5c684a1/LICENSE" 
+ source_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/files/apt_zz_orangeworm.yara#L109-L127" 
+ license_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/LICENSE"
 logic_hash = "ac9c3ba7188cbbe736ff81b41086fdc874ac24ae83d3cec390907f8edd0a0ce5"
 score = 75
 quality = 85 
@@ -212764,8 +213027,8 @@ rule CRAIU_Apt_ZZ_Orangeworm_Kwampirs_Implant : FILE
 date = "2020-01-14"
 modified = "2020-03-31"
 reference = "https://assets.documentcloud.org/documents/6821582/FLASH-CP-000118-MW-Downgraded-Version.pdf" 
- source_url = "https://github.com/craiu/yararules/blob/68bc7e129467d2c027f06918f28c3196e5c684a1/files/apt_zz_orangeworm.yara#L130-L177" 
- license_url = "https://github.com/craiu/yararules/blob/68bc7e129467d2c027f06918f28c3196e5c684a1/LICENSE" 
+ source_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/files/apt_zz_orangeworm.yara#L130-L177" 
+ license_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/LICENSE"
 logic_hash = "a9559c17c802c6060799d0a1ee96d68bd521475dd12ff6040a74874cabe3a9a9"
 score = 75
 quality = 85 
@@ -212819,8 +213082,8 @@ rule CRAIU_Apt_ZZ_Orangeworm_Kwampirs_Shamoon : FILE
 date = "2020-01-14"
 modified = "2020-03-31"
 reference = "https://assets.documentcloud.org/documents/6821582/FLASH-CP-000118-MW-Downgraded-Version.pdf" 
- source_url = "https://github.com/craiu/yararules/blob/68bc7e129467d2c027f06918f28c3196e5c684a1/files/apt_zz_orangeworm.yara#L200-L221" 
- license_url = "https://github.com/craiu/yararules/blob/68bc7e129467d2c027f06918f28c3196e5c684a1/LICENSE" 
+ source_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/files/apt_zz_orangeworm.yara#L200-L221" 
+ license_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/LICENSE"
 logic_hash = "43f352c3db016d2831d11a13ae6c0baf440fa464560090e00432780df6a8982d"
 score = 75
 quality = 60 
@@ -212846,8 +213109,8 @@ rule CRAIU_Susp_Ios_Shutdown
 date = "2023-12-28"
 modified = "2024-03-05"
 reference = "https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/" 
- source_url = "https://github.com/craiu/yararules/blob/68bc7e129467d2c027f06918f28c3196e5c684a1/files/susp_ios_shutdown.yara#L2-L25" 
- license_url = "https://github.com/craiu/yararules/blob/68bc7e129467d2c027f06918f28c3196e5c684a1/LICENSE" 
+ source_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/files/susp_ios_shutdown.yara#L2-L25" 
+ license_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/LICENSE"
 logic_hash = "936101f2dddb73f6dda41be47d775199c458aa4fecdcf348ed479da620343ea1"
 score = 65
 quality = 85 
@@ -212864,6 +213127,44 @@ rule CRAIU_Susp_Ios_Shutdown
 condition:
 ($c1 at 0) and $a1 and ( any of ($b*))
 } 
+rule CRAIU_Exploit_CVE_2024_6387 : CVE_2024_6387 FILE 
+{ 
+ meta: 
+ description = "Strings from CVE-2024-6387 exploit PoC by zgzhang." 
+ author = "Costin G. Raiu, TLPBLACK, craiu@noh.ro" 
+ id = "6ac63016-864d-57af-bb36-3115a0a91021" 
+ date = "2024-07-02" 
+ modified = "2024-07-03" 
+ reference = "https://github.com/zgzhang/cve-2024-6387-poc/tree/main" 
+ source_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/files/exploit_cve_2024_6387.yara#L2-L38" 
+ license_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/LICENSE" 
+ hash = "62b06a6c30a0c891c2246ff87c0ad9ae03d2123601ba5331d6348c43b38d185e" 
+ logic_hash = "d43a77c2690b5e01639590bc31fa64fa36b1da5efd3cc0761be7369ce80e4253" 
+ score = 75 
+ quality = 85 
+ tags = "CVE-2024-6387, FILE" 
+ version = "1.0" 
+ 
+ strings: 
+ $a0 = "Attempting exploitation with glibc base: 0x%lx" ascii wide fullword 
+ $a1 = "Attempt %d of 20000" ascii wide fullword 
+ $a2 = "Failed to establish connection, attempt %d" ascii wide fullword 
+ $a3 = "SSH handshake failed, attempt %d" ascii wide fullword 
+ $a4 = "Possible exploitation success on attempt %d with glibc base 0x%lx!" 
ascii wide fullword 
+ $a5 = "Received SSH version: %s" ascii wide fullword 
+ $a6 = "Connection closed while receiving SSH version" ascii wide fullword 
+ $a7 = "Received KEX_INIT (%zd bytes)" ascii wide fullword 
+ $a8 = "Connection closed while receiving KEX_INIT" ascii wide fullword 
+ $a9 = "Estimated parsing time: %.6f seconds" ascii wide fullword 
+ $a10 = "Received response after exploit attempt (%zd bytes)" ascii wide fullword 
+ $a11 = "Possible hit on 'large' race window" ascii wide fullword 
+ $a12 = "Connection closed by server - possible successful exploitation" ascii wide fullword 
+ $a13 = "No immediate response from server - possible successful exploitation" ascii wide fullword 
+ $a14 = "Attempt %d of 10000" ascii wide fullword 
+ 
+ condition: 
+ ( filesize <5MB) and ( uint32be(0)==0x7F454C46) and (4 of ($a*)) 
+}
 rule CRAIU_Unk_Liblzma_Backdoor : FILE
 {
 meta: 
@@ -212873,8 +213174,8 @@ rule CRAIU_Unk_Liblzma_Backdoor : FILE
 date = "2024-03-30"
 modified = "2024-03-30"
 reference = "https://seclists.org/oss-sec/2024/q1/268" 
- source_url = "https://github.com/craiu/yararules/blob/68bc7e129467d2c027f06918f28c3196e5c684a1/files/unk_liblzma_backdoor.yara#L1-L30" 
- license_url = "https://github.com/craiu/yararules/blob/68bc7e129467d2c027f06918f28c3196e5c684a1/LICENSE" 
+ source_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/files/unk_liblzma_backdoor.yara#L1-L30" 
+ license_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/LICENSE"
 hash = "8fa641c454c3e0f76de73b7cc3446096b9c8b9d33d406d38b8ac76090b0344fd"
 hash = "319feb5a9cddd81955d915b5632b4a5f8f9080281fb46e2f6d69d53f693c23ae"
 hash = "b418bfd34aa246b2e7b5cb5d263a640e5d080810f767370c4d2c24662a274963" 
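Review bot: The condition of the new CRAIU_Exploit_CVE_2024_6387 rule gates on `uint32be(0)==0x7F454C46`, so it only fires on a compiled ELF build of that one PoC, never on its source, a script wrapper, or a rebuild whose log strings were edited; the meta `description = "Strings from CVE-2024-6387 exploit PoC by zgzhang."` does not say that, and an analyst could read a non-match as "no CVE-2024-6387 tooling present". I would make the scope explicit, e.g. `description = "Log strings from compiled ELF builds of the zgzhang CVE-2024-6387 PoC; does not cover source, scripts or rebuilt variants."`, so the rule is understood as a fingerprint of one artifact rather than coverage of the vulnerability. The `wide` modifier on every string is harmless but redundant under an ELF-only gate, and the single `hash` meta suggests the rule was validated on one sample. This hunk starts on the previous physical line, and as vendored YARAForge output the wording change belongs upstream in craiu/yararules.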
@@ -212901,8 +213202,8 @@ rule CRAIU_Unk_Liblzma_Encstrings : FILE
 date = "2024-03-30"
 modified = "2024-03-30"
 reference = "https://gist.github.com/q3k/af3d93b6a1f399de28fe194add452d01" 
- source_url = "https://github.com/craiu/yararules/blob/68bc7e129467d2c027f06918f28c3196e5c684a1/files/unk_liblzma_backdoor.yara#L32-L70" 
- license_url = "https://github.com/craiu/yararules/blob/68bc7e129467d2c027f06918f28c3196e5c684a1/LICENSE" 
+ source_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/files/unk_liblzma_backdoor.yara#L32-L70" 
+ license_url = "https://github.com/craiu/yararules/blob/524091303c1b0066e1f469a34a9ac485491ba58e/LICENSE"
 logic_hash = "99f5c82f941bb5c1f908209e108f9f80a835ad84157a383faa0dde502486dbd3"
 score = 75
 quality = 85 
@@ -212936,7 +213237,7 @@ rule CRAIU_Unk_Liblzma_Encstrings : FILE
 * YARA Rule Set
 * Repository Name: DitekSHen
 * Repository: https://github.com/ditekshen/detection 
- * Retrieval Date: 2024-06-30 
+ * Retrieval Date: 2024-07-07
 * Git Commit: 2ddbbe14eea1f342bca2cfd09a643a40ae2fcaf6
 * Number of Rules: 1420
 * Skipped: 0 (age), 121 (quality), 0 (score), 0 (importance) 
@@ -232276,8 +232577,8 @@ rule DITEKSHEN_INDICATOR_KB_CERT_5Ef27Fc51Ee80B30430947C9967Db440 : FILE
 condition:
 uint16(0)==0x5a4d and for any i in (0..pe.number_of_signatures) : (pe.signatures[i].subject contains "AMCERT,LLC" and pe.signatures[i].serial=="5e:f2:7f:c5:1e:e8:0b:30:43:09:47:c9:96:7d:b4:40")
 } 
-import "time"
 import "pe" 
+import "time"
 rule DITEKSHEN_INDICATOR_SUSPICIOUS_Reflectiveloader : FILE
 { 
@@ -232303,8 +232604,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Reflectiveloader : FILE
 condition:
 uint16(0)==0x5a4d and (1 of them or (pe.exports("ReflectiveLoader@4") or pe.exports("_ReflectiveLoader@4") or pe.exports("ReflectiveLoader")))
 } 
-import "time"
 import "pe" 
+import "time"
 rule DITEKSHEN_INDICATOR_SUSPICIOUS_IMG_Embedded_Archive : FILE
 { 
@@ -232341,8 +232642,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_IMG_Embedded_Archive : FILE
 condition:
 ( uint32(0)==0xe0ffd8ff or uint32(0)==0x474e5089 or uint16(0)==0x4d42) and 1 of them
 } 
-import "time"
 import "pe" 
+import "time"
 rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_Eventviewer : FILE
 { 
@@ -232368,8 +232669,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_Eventviewer : FILE
 condition:
 uint16(0)==0x5a4d and all of them
 } 
-import "time"
 import "pe" 
+import "time"
 rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_Cleanmgr : FILE
 { 
@@ -232395,8 +232696,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_Cleanmgr : FILE
 condition:
 uint16(0)==0x5a4d and all of them
 } 
-import "time"
 import "pe" 
+import "time"
 rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Enable_Officemacro : FILE
 { 
@@ -232429,8 +232730,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Enable_Officemacro : FILE
 condition:
 uint16(0)==0x5a4d and (2 of ($s*) or 2 of ($h*) or 2 of ($d*))
 } 
-import "time"
 import "pe" 
+import "time"
 rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Disable_Officeprotectedview : FILE
 { 
@@ -232463,8 +232764,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Disable_Officeprotectedview : FILE
 condition:
 uint16(0)==0x5a4d and (2 of ($s*) or 2 of ($h*) or 2 of ($d*))
 } 
-import "time"
 import "pe" 
+import "time"
 rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Sandboxproductid : FILE
 { 
@@ -232500,8 +232801,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Sandboxproductid : FILE
 condition:
 uint16(0)==0x5a4d and 2 of them
 } 
-import "time"
 import "pe" 
+import "time"
 rule DITEKSHEN_INDICATOR_SUSPICIOUS_AHK_Downloader : FILE
 { 
@@ -232530,8 +232831,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_AHK_Downloader : FILE
 condition:
 uint16(0)==0x5a4d and (1 of ($d*) and 1 of ($s*))
 } 
-import "time"
 import "pe" 
+import "time"
 rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_CMSTPCOM : T1218 FILE
 { 
@@ -232560,8 +232861,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_CMSTPCOM : T1218 FILE condition: uint16(0)==0x5a4d and (1 of ($guid*) and 1 of ($s*)) } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store : FILE { @@ -232592,8 +232893,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store : FIL condition: uint16(0)==0x5a4d and 3 of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Referenfces_File_Transfer_Clients : FILE { @@ -232664,8 +232965,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Referenfces_File_Transfer_Clients : FILE condition: uint16(0)==0x5a4d and 6 of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Usndeletejournal : FILE { @@ -232698,8 +232999,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Usndeletejournal : FILE condition: uint16(0)==0x5a4d and ( not any of ($ne*) and ((1 of ($cmd*) and 1 of ($s*)) or 1 of ($s*))) } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Geninfostealer : FILE { @@ -232743,8 +233044,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Geninfostealer : FILE condition: uint16(0)==0x5a4d and ((2 of ($f*) and 2 of ($b*) and 1 of ($s*) and 3 of ($a*)) or (14 of them )) } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWSH_Asciiencoding_Pattern : FILE { @@ -232775,8 +233076,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWSH_Asciiencoding_Pattern : FILE condition: 1 of ($enc*) and 4 of ($s*) and filesize <2500KB } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_WMIC_Downloader : FILE { @@ -232804,8 +233105,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_WMIC_Downloader : FILE condition: ( uint16(0)==0x004c or uint16(0)==0x5a4d) and 1 of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_AMSI_Bypass : FILE { 
@@ -232835,8 +233136,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_AMSI_Bypass : FILE condition: 5 of them and filesize <2000KB } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_PE_Resourcetuner : FILE { @@ -232861,8 +233162,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_PE_Resourcetuner : FILE condition: uint16(0)==0x5a4d and all of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_References_Sectools_B64Encoded : FILE { @@ -232923,8 +233224,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_References_Sectools_B64Encoded : FILE condition: uint16(0)==0x5a4d and 4 of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_References_Sandbox_Artifacts : FILE { @@ -232974,8 +233275,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_References_Sandbox_Artifacts : FILE condition: uint16(0)==0x5a4d and 3 of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Embedded_Gzip_B64Encoded_File : FILE { @@ -233001,8 +233302,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Embedded_Gzip_B64Encoded_File : FILE condition: uint16(0)==0x5a4d and 1 of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWSH_Passwordcredential_Retrievepassword { @@ -233029,8 +233330,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWSH_Passwordcredential_Retrievepassword condition: $namespace and 1 of ($method*) } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_Envvarscheduledtasks { @@ -233058,8 +233359,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_Envvarscheduledtasks condition: all of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_Fodhelper { @@ -233087,8 +233388,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_Fodhelper condition: all of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Finger_Download_Pattern { 
@@ -233115,8 +233416,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Finger_Download_Pattern condition: not any of ($ne*) and any of ($pat*) } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_CMSTPCMD : FILE { @@ -233146,8 +233447,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Uacbypass_CMSTPCMD : FILE condition: uint16(0)==0x5a4d and 3 of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_JS_WMI_Execquery { @@ -233176,8 +233477,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_JS_WMI_Execquery condition: ($ex and all of ($s*)) } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_XML_Liverpool_Downlaoder_Userconfig : FILE { @@ -233203,8 +233504,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_XML_Liverpool_Downlaoder_Userconfig : FILE condition: uint32(0)==0x6d783f3c and all of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_B64_Encoded_Useragent : FILE { @@ -233230,8 +233531,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_B64_Encoded_Useragent : FILE condition: uint16(0)==0x5a4d and any of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Winddefender_Antiemaulation : FILE { @@ -233257,8 +233558,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Winddefender_Antiemaulation : FILE condition: uint16(0)==0x5a4d and all of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Attrib : FILE { @@ -233283,8 +233584,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Attrib : FILE condition: uint16(0)==0x5a4d and any of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Clearmytracksbyprocess : FILE { @@ -233309,8 +233610,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Clearmytracksbyprocess : FILE condition: uint16(0)==0x5a4d and any of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Dotnetprochook : FILE { 
@@ -233338,8 +233639,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Dotnetprochook : FILE condition: uint16(0)==0x5a4d and all of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Telegramchatbot : FILE { @@ -233371,8 +233672,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Telegramchatbot : FILE condition: uint16(0)==0x5a4d and (2 of ($s*) or (2 of ($p*) and 1 of ($s*))) } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_B64_Artifacts : FILE { @@ -233400,8 +233701,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_B64_Artifacts : FILE condition: uint16(0)==0x5a4d and 2 of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Discordurl : FILE { @@ -233433,8 +233734,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Discordurl : FILE condition: uint16(0)==0x5a4d and any of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Regkeycomb_Disablewindefender : FILE { @@ -233473,8 +233774,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Regkeycomb_Disablewindefender : FILE condition: uint16(0)==0x5a4d and (1 of ($r*) and 1 of ($k*)) } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Regkeycomb_Iexecutecommandcom : FILE { @@ -233505,8 +233806,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Regkeycomb_Iexecutecommandcom : FILE condition: uint16(0)==0x5a4d and ((1 of ($r*) and 1 of ($k*)) or ( all of ($s*))) } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_WMI_Enumeratevideodevice : FILE { @@ -233537,8 +233838,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_WMI_Enumeratevideodevice : FILE condition: uint16(0)==0x5a4d and ((1 of ($q*) and 1 of ($d*)) or 3 of ($d*)) } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Dcratby : FILE { 
@@ -233563,8 +233864,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Dcratby : FILE condition: uint16(0)==0x5a4d and all of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Anti_Winjail : FILE { @@ -233589,8 +233890,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Anti_Winjail : FILE condition: uint16(0)==0x5a4d and all of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Anti_Oldcopypaste : FILE { @@ -233626,8 +233927,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Anti_Oldcopypaste : FILE condition: uint16(0)==0x5a4d and (3 of ($s*) or all of ($v*)) } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Go_Golazagne : FILE { @@ -233653,8 +233954,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Go_Golazagne : FILE condition: uint16(0)==0x5a4d and all of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_CSPROJ : FILE { @@ -233683,8 +233984,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_CSPROJ : FILE condition: uint32(0)==0x6f72503c and ( all of ($s*) and 2 of ($x*)) } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Sandbox_Evasion_Filescomb : FILE { @@ -233718,8 +234019,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Sandbox_Evasion_Filescomb : FILE condition: uint16(0)==0x5a4d and 6 of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_VM_Evasion_Virtdrvcomb : FILE { @@ -233775,8 +234076,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_VM_Evasion_Virtdrvcomb : FILE condition: uint16(0)==0x5a4d and ((2 of ($p*) and (2 of ($vb*) or 2 of ($vp*) or 2 of ($vw*))) or (2 of ($vb*) and (2 of ($p*) or 2 of ($vp*) or 2 of ($vw*))) or (2 of ($vp*) and (2 of ($p*) or 2 of ($vb*) or 2 of ($vw*))) or (2 of ($vw*) and (2 of ($p*) or 2 of ($vb*) or 2 of ($vp*)))) } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Nonewindowsua : FILE { 
@@ -233817,8 +234118,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Nonewindowsua : FILE condition: uint16(0)==0x5a4d and 1 of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Toomanywindowsua : FILE { @@ -233859,8 +234160,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Toomanywindowsua : FILE condition: uint16(0)==0x5a4d and 5 of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_VM_Evasion_Macaddrcomb : FILE { @@ -233892,8 +234193,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_VM_Evasion_Macaddrcomb : FILE condition: uint16(0)==0x5a4d and 3 of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Discord_Regex : FILE { @@ -233918,8 +234219,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Discord_Regex : FILE condition: ( uint16(0)==0x5a4d and all of them ) or all of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_VPN : FILE { @@ -233950,8 +234251,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_VPN : FILE condition: uint16(0)==0x5a4d and 3 of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Vaultschemaguid : FILE { @@ -233983,8 +234284,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Vaultschemaguid : FILE condition: uint16(0)==0x5a4d and 4 of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Antivm_UNK01 : FILE { @@ -234023,8 +234324,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Antivm_UNK01 : FILE condition: uint16(0)==0x5a4d and all of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Antivm_WMIC : FILE { @@ -234051,8 +234352,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Antivm_WMIC : FILE condition: uint16(0)==0x5a4d and 2 of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Enablesmbv1 : FILE { 
@@ -234077,8 +234378,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Enablesmbv1 : FILE condition: uint16(0)==0x5a4d and 1 of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Enablenetworkdiscovery : FILE { @@ -234104,8 +234405,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Enablenetworkdiscovery : FILE condition: uint16(0)==0x5a4d and all of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Authapps : FILE { @@ -234131,8 +234432,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Authapps : FILE condition: uint16(0)==0x5a4d and all of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Undocumented_Winapi_Kerberos : FILE { @@ -234159,8 +234460,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Undocumented_Winapi_Kerberos : FILE condition: uint16(0)==0x5a4d and all of ($kdc*) } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_NKN_BCP2P : FILE { @@ -234193,8 +234494,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_NKN_BCP2P : FILE condition: uint16(0)==0x5a4d and (1 of ($x*) or all of ($s*)) } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Passwordmanagers : FILE { @@ -234222,8 +234523,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Passwordmanagers : FILE condition: uint16(0)==0x5a4d and 3 of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Wirelessnetreccon : FILE { @@ -234250,8 +234551,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Wirelessnetreccon : FILE condition: uint16(0)==0x5a4d and all of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Gitconfdata : FILE { 
@@ -234280,8 +234581,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Gitconfdata : FILE condition: uint16(0)==0x5a4d and 4 of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Reversed : FILE { @@ -234306,8 +234607,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Reversed : FILE condition: uint16( filesize -0x2)==0x4d5a and $s1 } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICOUS_EXE_UNC_Regex : FILE { @@ -234353,8 +234654,8 @@ rule DITEKSHEN_INDICATOR_SUSPICOUS_EXE_UNC_Regex : FILE condition: uint16(0)==0x5a4d and 6 of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Deleterecentitems : FILE { @@ -234382,8 +234683,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Deleterecentitems : FILE condition: uint16(0)==0x5a4d and 2 of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Deletewindefenderquarantinefiles : FILE { @@ -234414,8 +234715,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Deletewindefenderquarantinefiles : FILE condition: uint16(0)==0x5a4d and (2 of ($s*) or (1 of ($r*) and 2 of ($p*))) } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Deleteshimcache : FILE { @@ -234443,8 +234744,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Deleteshimcache : FILE condition: uint16(0)==0x5a4d and (1 of ($s*) or all of ($m*)) } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_Shredfilesteps : FILE { @@ -234474,8 +234775,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Shredfilesteps : FILE condition: uint16(0)==0x5a4d and all of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWS_Capturescreenshot { @@ -234504,8 +234805,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWS_Capturescreenshot condition: $encoder and (1 of ($capture*) and ($access or $save)) } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWS_Capturebrowserplugins { 
@@ -234535,8 +234836,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWS_Capturebrowserplugins condition: 2 of ($s*) and 2 of ($o*) } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_IMG_Embedded_B64_EXE : FILE { @@ -234570,8 +234871,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_IMG_Embedded_B64_EXE : FILE condition: ( uint32(0)==0xd8ff or uint32(0)==0x474e5089 or uint16(0)==0x4d42) and ((2 of ($m*)) or (1 of ($h*))) } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Transfersh_URL : FILE { @@ -234596,8 +234897,8 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_Transfersh_URL : FILE condition: uint16(0)==0x5a4d and 1 of them } -import "time" import "pe" +import "time" rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Publicserviceinterface : FILE { @@ -254059,7 +254360,7 @@ rule DITEKSHEN_INDICATOR_RTF_Remotetemplate : CVE_2017_11882 FILE * YARA Rule Set * Repository Name: WithSecureLabs * Repository: https://github.com/WithSecureLabs/iocs - * Retrieval Date: 2024-06-30 + * Retrieval Date: 2024-07-07 * Git Commit: 29adc4b6c2c2850f0f385aec77ab6fc0d7a8f20c * Number of Rules: 5 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -254314,7 +254615,7 @@ rule WITHSECURELABS_SILKLOADER * YARA Rule Set * Repository Name: HarfangLab * Repository: https://github.com/HarfangLab/iocs - * Retrieval Date: 2024-06-30 + * Retrieval Date: 2024-07-07 * Git Commit: 911b0f27d123986b25ad00cc0e7d94a52435cb15 * Number of Rules: 14 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance) @@ -254767,7 +255068,7 @@ rule HARFANGLAB_Donut_Shellcode : FILE * YARA Rule Set * Repository Name: Signature Base * Repository: https://github.com/Neo23x0/signature-base - * Retrieval Date: 2024-06-30 + * Retrieval Date: 2024-07-07 * Git Commit: 6b8e2a00e5aafcfcfc767f3f53ae986cf81f968a * Number of Rules: 4550 * Skipped: 0 (age), 11 (quality), 4 (score), 0 (importance) 
@@ -334026,7 +334327,7 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Nano : FILE
 hash = "28cfcfe28419a399c606bf96505bc68d6fe05624dba18306993f9fe0d398fbe1"
 logic_hash = "1b969e098a0b2c86ceba9cbb7f31770ba04f1a4c225716ea27d7e4e4177c90c4"
 score = 75
- quality = -417
+ quality = -367
 tags = "FILE"
 license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
 importance = 70
@@ -371663,7 +371964,7 @@ rule SIGNATURE_BASE_TA17_293A_Energetic_Bear_Api_Hashing_Tool : FILE
 description = "Energetic Bear API Hashing Tool"
 author = "CERT RE Team"
 id = "4e58800a-9618-5d8b-954c-e843be6002c2"
- date = "2024-02-29"
+ date = "2024-02-07"
 modified = "2023-12-05"
 reference = "https://github.com/Neo23x0/signature-base"
 source_url = "https://github.com/Neo23x0/signature-base/blob/6b8e2a00e5aafcfcfc767f3f53ae986cf81f968a/yara/apt_ta17_293A.yar#L77-L93"
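Review bot: In the `SIGNATURE_BASE_TA17_293A_Energetic_Bear_Api_Hashing_Tool` hunk the rule's `date` moves from `"2024-02-29"` to `"2024-02-07"` while `modified = "2023-12-05"` and the pinned upstream commit in `source_url` stay the same, so the upstream rule did not change and the new day-of-month happens to equal the bundle's retrieval date 2024-07-07; this looks like the YARAForge generator deriving `date` from the build date rather than the rule's origin, which re-rolls metadata on every weekly refresh. If the consumer applies any age-based selection or reporting on `date`, it should not rely on that field in this vendored bundle until the generator behaviour is confirmed upstream. The `SIGNATURE_BASE_WEBSHELL_ASP_Nano` hunk is a related data-quality observation: the rule ships with `quality = -367` (from `-417`) even though the bundle header counts rules skipped for quality, so the effective quality cutoff used when building this bundle is worth confirming rather than assumed.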